dimanche 19 mai 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-213 : Multiples vulnérabilités dans le noyau Linux de RedHat (15 mai 2019)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.

Auteur: Cert FR

CERTFR-2019-AVI-214 : Vulnérabilité dans Tenable Nessus Agent (15 mai 2019)

Une vulnérabilité a été découverte dans Tenable Nessus Agent. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2019-AVI-212 : Multiples vulnérabilités dans le noyau Linux d’Ubuntu (15 mai 2019)

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2019-AVI-211 : Multiples vulnérabilités dans le noyau Linux de SUSE (15 mai 2019)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un déni de service et une atteinte à la confidentialité des données.

Auteur: Cert FR

Siemens SIMATIC PCS 7/SIMATIC WinCC privilege escalation [CVE-2019-10922]

A vulnerability has been found in Siemens SIMATIC PCS 7 and SIMATIC WinCC (affected version unknown) and classified as critical. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Siemens LOGO!8 BM Service Port 10005 privilege escalation [CVE-2019-10919]

A vulnerability classified as critical was found in Siemens LOGO!8 BM (the affected version is unknown). This vulnerability affects the functionality of the component Service Port 10005. The manipulation with an unknown input leads to a...
Auteur: VulDB

Siemens SIMATIC PCS 7/SIMATIC WinCC DCOM Interface privilege escalation

A vulnerability classified as critical has been found in Siemens SIMATIC PCS 7 and SIMATIC WinCC (the affected version unknown). This affects an unknown function of the component DCOM Interface. The manipulation with an unknown input leads to a...
Auteur: VulDB

Siemens SIMATIC PCS 7/SIMATIC WinCC Project File denial of service

A vulnerability was found in Siemens SIMATIC PCS 7 and SIMATIC WinCC (affected version not known). It has been rated as problematic. Affected by this issue is some processing. The manipulation as part of a Project File leads to a denial of...
Auteur: VulDB

Siemens SIMATIC PCS 7/SIMATIC WinCC Project File privilege escalation

A vulnerability was found in Siemens SIMATIC PCS 7 and SIMATIC WinCC (affected version unknown). It has been declared as critical. Affected by this vulnerability is a code block of the component Project File Handler. The manipulation with an...
Auteur: VulDB

SAP Identity Management REST Interface Request privilege escalation

A vulnerability was found in SAP Identity Management (version unknown). It has been classified as critical. Affected is code of the component REST Interface. The manipulation as part of a Request leads to a privilege escalation vulnerability....
Auteur: VulDB

SAP E-Commerce 7.30/7.31/7.32/7.33/7.54 cross site scripting

A vulnerability was found in SAP E-Commerce 7.30/7.31/7.32/7.33/7.54 (E-Commerce Management Software) and classified as problematic. This issue affects a part. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Auteur: VulDB

SAP Solution Manager Authorization privilege escalation [CVE-2019-0293]

A vulnerability has been found in SAP Solution Manager (the affected version is unknown) and classified as critical. This vulnerability affects a functionality of the component Authorization. The manipulation with an unknown input leads to a...
Auteur: VulDB

SAP Solution Manager 7.2 privilege escalation [CVE-2019-0291]

A vulnerability, which was classified as critical, was found in SAP Solution Manager 7.2. This affects a function. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269....
Auteur: VulDB

SAP Business Intelligence Platform 4.2/4.3 privilege escalation

A vulnerability, which was classified as critical, has been found in SAP Business Intelligence Platform 4.2/4.3 (Business Process Management Software). Affected by this issue is some functionality. The manipulation with an unknown input leads to...
Auteur: VulDB

SAP Business Intelligence Platform 4.2/4.3 privilege escalation

A vulnerability classified as critical was found in SAP Business Intelligence Platform 4.2/4.3 (Business Process Management Software). Affected by this vulnerability is the functionality. The manipulation with an unknown input leads to a...
Auteur: VulDB

SAP Treasury and Risk Management Authorization privilege escalation

A vulnerability classified as critical has been found in SAP Treasury and Risk Management (Risk Management System) (version unknown). Affected is an unknown function of the component Authorization. The manipulation with an unknown input leads...
Auteur: VulDB

Enghouse Cloud Contact Center Platform 7.2.5 XML Data ClientServiceConfigController.cs XML External Entity

A vulnerability was found in Enghouse Cloud Contact Center Platform 7.2.5 (Cloud Software). It has been rated as critical. This issue affects some processing of the file ClientServiceConfigController.cs of the component XML Data Handler. The...
Auteur: VulDB

Microstrategy Web Services up to 10.4 HF6/10.10 SOAP Request directory traversal

A vulnerability was found in Microstrategy Web Services up to 10.4 HF6/10.10. It has been declared as critical. This vulnerability affects a code block. The manipulation as part of a SOAP Request leads to a directory traversal vulnerability. The...
Auteur: VulDB

Tubigan Welcome to our Resort 1.0 index.php q sql injection

A vulnerability was found in Tubigan Welcome to our Resort 1.0. It has been classified as critical. This affects code of the file index.php?p=accomodation. The manipulation of the argument q with an unknown input leads to a sql injection...
Auteur: VulDB

Kyocera TASKalfa 4002i/TASKalfa 6002i DoBox_CstmBox_Info.model.htm HTTP Request information disclosure

A vulnerability was found in Kyocera TASKalfa 4002i and TASKalfa 6002i (affected version not known) and classified as problematic. Affected by this issue is a part of the file DoBox_CstmBox_Info.model.htm. The manipulation as part of a HTTP...
Auteur: VulDB

LG N1A1 NAS 3718.510 Parameter memory corruption

A vulnerability has been found in LG N1A1 NAS 3718.510 and classified as critical. Affected by this vulnerability is a functionality. The manipulation as part of a Parameter leads to a memory corruption vulnerability. The CWE definition for the...
Auteur: VulDB

Emerson VE6046 09.0.12 Administrative Interface Default Credentials weak authentication

A vulnerability, which was classified as critical, was found in Emerson VE6046 09.0.12. Affected is a function of the component Administrative Interface. The manipulation with an unknown input leads to a weak authentication vulnerability...
Auteur: VulDB

Ellucian Banner Web Tailor weak authentication [CVE-2019-8978]

A vulnerability, which was classified as critical, has been found in Ellucian Banner Web Tailor and Banner Enterprise Identity Services (affected version not known). Affected by this issue is some functionality. The manipulation with an unknown...
Auteur: VulDB

XAMPP up to 5.6.8 cds-fpdf.php jahr sql injection

A vulnerability classified as critical was found in XAMPP up to 5.6.8. Affected by this vulnerability is the functionality of the file cds-fpdf.php. The manipulation of the argument jahr as part of a Parameter leads to a sql injection...
Auteur: VulDB

Webiness Inventory 2.3 ProductModel privilege escalation

A vulnerability classified as critical has been found in Webiness Inventory 2.3. Affected is an unknown function of the component ProductModel. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Auteur: VulDB
First567891011121314Last

Événements SSI

READY FOR IT

La première édition de Ready For IT se déroule du 20 au 22 mai 2019 à Monaco (Grimaldi Forum) : conférences, keynotes, ateliers et rendez-vous one-to-one. Organisé par DG Consultants.

Présentation de l'événement par l'organisateur

DG Consultants, l’organisateur depuis 18 ans des Assises de la Sécurité, innove en lançant Ready For It, un nouveau rendez-vous business, centré sur la convergence des technologies et l’expérience client.
Pourquoi ce nouvel événement ?
Parce que la demande explose de la part des entreprises qui sont toutes engagées dans la transformation numérique.
Tandis que les fournisseurs font évoluer leurs offres et s’organisent en écosystèmes technologiques afin d’ être au plus proches des besoins de leurs clients.
Entre les impératifs business, les demandes des métiers, les contraintes techniques, les promesses des nouveaux concepts (IA, BlockChain…), les organisations sont en attente de solutions, de conseils et de service.
S’engager dans le Cloud ?
Oui mais comment et avec quel partenaire ?
Structurer les données mais avec quelles technologies et dans quel cadre ? Et quid de la sécurité qui doit désormais être au cœur de tous les processus IT ?
Voilà pourquoi DG Consultants, la référence dans le monde des rencontres d’affaires a conçu Ready For It.
Pour réunir dans un cadre convivial et autour de contenu de qualité tous les acteurs importants de l’IT, mais également les start-ups qui savent apporter l’innovation et la « disruption ».
Rendez-vous du 20 au 22 mai 2019 à Monaco !

Plus d'infos sur le site dédié à l'événement.

 

HACK IN PARIS

Pour sa 9ème édition la conférence Hack In Paris sur la sécurité IT se tient du 16 au 20 juin 2019 à Paris, Maison de la Chimie. Organisée par Sysdream.

RSS