Friday 14 December 2018

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Katello up to 3.9 API SQL Query sql injection

A vulnerability, which was classified as critical, was found in Katello up to 3.9. Affected is an unknown function of the component API. The manipulation as part of a SQL Query leads to a sql injection vulnerability. CWE is classifying the issue...
Author: VulDB

Intel QuickAssist Technology for Linux Hardware Access denial of service

A vulnerability was found in Intel QuickAssist Technology for Linux (unknown version) and classified as problematic. This issue affects an unknown function of the component Hardware Access Handler. The manipulation with an unknown input leads to...
Author: VulDB

McAfee Agent up to 5.0.6/5.5.1 Code Execution [CVE-2018-6707]

A vulnerability was found in McAfee Agent up to 5.0.6/5.5.1. It has been declared as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution)....
Author: VulDB

Intel System Defense Utility Permission privilege escalation

A vulnerability was found in Intel System Defense Utility (affected version not known) and classified as critical. Affected by this issue is an unknown function of the component Permission. The manipulation with an unknown input leads to a...
Author: VulDB

Intel Parallel Studio XE prior 2019 Gold Permission privilege escalation

A vulnerability has been found in Intel Parallel Studio XE and classified as critical. Affected by this vulnerability is an unknown function of the component Permission. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Intel Solid State Drive Toolbox up to 3.5.6 Directory Permission privilege escalation

A vulnerability, which was classified as critical, has been found in Intel Solid State Drive Toolbox up to 3.5.6. This issue affects an unknown function of the component Directory Permission. The manipulation with an unknown input leads to a...
Author: VulDB

Intel QuickAssist Technology for Linux denial of service [CVE-2018-18096]

A vulnerability classified as problematic was found in Intel QuickAssist Technology for Linux (the affected version is unknown). This vulnerability affects an unknown function. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Intel VTune Amplifier up to 2018 Update 3 File Permission privilege escalation

A vulnerability classified as critical has been found in Intel VTune Amplifier up to 2018 Update 3. This affects an unknown function of the component File Permission. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Bomb Threats Emailed Around the World

Original release date: December 13, 2018 The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency (CISA), is aware of a worldwide email campaign targeting businesses and...
Author: US Cert

WordPress Releases Security Update

Original release date: December 13, 2018 WordPress 5.0 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity...
Author: US Cert

VU#756913: Pixar's Tractor contains a stored cross-site scripting vulnerability

CWE-79: Improper Neutralization of Input During Web Page Generation - CVE-2018-5411 Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing...
Author: US Cert

CERTFR-2018-AVI-601: Multiple vulnerabilities in Moxa NPort (13 December 2018)

Multiple vulnerabilities have been discovered in Moxa NPort. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2018-AVI-600: Multiple vulnerabilities in WordPress (13 December 2018)

Multiple vulnerabilities have been discovered in WordPress. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data integrity and a breach of...
Author: Cert FR

CERTFR-2018-AVI-599: Vulnerability in Google Chrome (13 December 2018)

A vulnerability has been discovered in Google Chrome. It allows an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

DeDeCMS 5.7 SP2 select_images_post.php Double Extension privilege escalation

A vulnerability, which was classified as critical, has been found in DeDeCMS 5.7 SP2. Affected by this issue is an unknown function of the file uploads/include/dialog/select_images_post.php. The manipulation as part of a Double Extension leads...
Author: VulDB

UsualToolCMS 8.0 cmsadmin\a_sqlback.php backname[] directory traversal

A vulnerability classified as critical was found in UsualToolCMS 8.0. Affected by this vulnerability is the function backname[] of the file cmsadmin\a_sqlback.php. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

zzzphp CMS 1.5.8 /admin/save.php del_file denial of service

A vulnerability classified as problematic has been found in zzzphp CMS 1.5.8. Affected is the function del_file of the file /admin/save.php. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying...
Author: VulDB

IBM DataPower Gateway up to 7.5.0.18/7.5.1.17/7.5.2.17/7.6.0.10/7.7.1.3 Web UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM DataPower Gateway up to 7.5.0.18/7.5.1.17/7.5.2.17/7.6.0.10/7.7.1.3. This affects an unknown function of the component Web UI. The manipulation with an unknown input leads to...
Author: VulDB

IBM DataPower Gateway up to 7.6.0.10/7.5.2.17/7.5.1.17/7.5.0.18/7.7.1.3 weak encryption

A vulnerability, which was classified as critical, has been found in IBM DataPower Gateway up to 7.6.0.10/7.5.2.17/7.5.1.17/7.5.0.18/7.7.1.3. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a weak...
Author: VulDB

Siemens SIMATIC S7-410 Service Port 102 Crafted Packet denial of service

A vulnerability classified as critical was found in Siemens SIMATIC S7-400, SIMATIC S7-400 PN-DP V7, SIMATIC S7-400H, SIMATIC S7-400H V6 and SIMATIC S7-410. Affected by this vulnerability is an unknown function of the component Service Port 102....
Author: VulDB

Siemens SIMATIC S7-410 Service Port 102 Crafted Packet denial of service

A vulnerability classified as critical has been found in Siemens SIMATIC S7-400, SIMATIC S7-400 PN-DP V7, SIMATIC S7-400H, SIMATIC S7-400H V6 and SIMATIC S7-410. Affected is an unknown function of the component Service Port 102. The manipulation...
Author: VulDB

Siemens SCALANCE S602 Integrated Web Server cross site scripting

A vulnerability was found in Siemens SCALANCE S602, SCALANCE S612, SCALANCE S623 and SCALANCE S627-2M (unknown version). It has been rated as problematic. This issue affects an unknown function of the component Integrated Web Server. The...
Author: VulDB

IBM Security Access Manager Appliance 9.0.1.0/9.0.2.0/9.0.3.0/9.0.4.0/9.0.5.0 Web UI cross site scripting

A vulnerability was found in IBM Security Access Manager Appliance 9.0.1.0/9.0.2.0/9.0.3.0/9.0.4.0/9.0.5.0. It has been declared as problematic. This vulnerability affects an unknown function of the component Web UI. The manipulation with an...
Author: VulDB

Dell EMC iDRAC7/iDRAC8/iDRAC9 Redfish Interface privilege escalation

A vulnerability was found in Dell EMC iDRAC7, iDRAC8 and iDRAC9 (affected version not known) and classified as critical. Affected by this issue is an unknown function of the component Redfish Interface. The manipulation with an unknown input...
Author: VulDB

Siemens SIMATIC S7-1200 up to 2.5 Connection Packet denial of service

A vulnerability, which was classified as problematic, has been found in Siemens SIMATIC S7-1200 up to 2.5. This issue affects an unknown function of the component Connection Handler. The manipulation as part of a Packet leads to a denial of...
Author: VulDB

Information-security events

FIC

The 11th Forum International de la Cybersécurité (International Cybersecurity Forum) takes place on 22 and 23 January 2019 at the Grand Palais in Lille. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (the French association of risk management and insurance professionals), the annual reference congress for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme "Risk at the heart of transformation". Organized by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organized by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organized by Weyou Group.
