Thursday 18 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

PHP Scripts Mall Website Seller Script up to 2.0.3 user_submit.php cross site scripting

A vulnerability classified as problematic was found in PHP Scripts Mall Website Seller Script up to 2.0.3 (Programming Language Software). This vulnerability affects some unknown functionality of the file user_submit.php?upd=2. The manipulation ...
Author: VulDB

The CNIL launches a public consultation with researchers on data processing for scientific research purposes

To enable a better understanding of personal data processing in scientific research, clarify the applicable legal framework and design suitable practical guides, the CNIL is launching a public consultation ...
Author: Cnil

Python up to 3.7.2 Domain Validator Lib/http/cookiejar.py http.cookiejar.DefaultPolicy.domain_return_ok Hostname privilege escalation

A vulnerability was found in Python up to 3.7.2 (Programming Language Software) and classified as critical. Affected by this issue is the function http.cookiejar.DefaultPolicy.domain_return_ok in the library Lib/http/cookiejar.py of the component...
Author: VulDB

Digium Asterisk Open Source up to 13.27.0/14.x/15.7.2/16.4.0 SDP chan_sip denial of service

A vulnerability has been found in Digium Asterisk Open Source up to 13.27.0/14.x/15.7.2/16.4.0 (Communications System) and classified as problematic. Affected by this vulnerability is the function chan_sip of the component SDP Handler. The...
Author: VulDB

Digium Asterisk up to 13.21-cert3/13.27.0/15.7.2/16.4.0 res_pjsip_messaging SIP Message memory corruption

A vulnerability, which was classified as critical, was found in Digium Asterisk up to 13.21-cert3/13.27.0/15.7.2/16.4.0 (Communications System). Affected is the function res_pjsip_messaging. The manipulation as part of a SIP Message leads to a...
Author: VulDB

Cohesity DataPlatform up to 5.x/6.1.1b vCenter TLS Certificate Man-in-the-Middle weak authentication

A vulnerability, which was classified as critical, has been found in Cohesity DataPlatform up to 5.x/6.1.1b. This issue affects some unknown processing of the component vCenter. The manipulation as part of a TLS Certificate leads to a weak...
Author: VulDB

GLPI 9.3.1 Reminder Description Phishing privilege escalation

A vulnerability was found in GLPI 9.3.1 (Asset Management Software). It has been rated as critical. Affected by this issue is an unknown part of the component Reminder Description Handler. The manipulation with an unknown input leads to a...
Author: VulDB

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

Original release date: July 12, 2019. The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to...
Author: US Cert

BlackBerry QNX Software Development Platform up to 6.5.0 SP1 procfs Service /proc information disclosure

A vulnerability was found in BlackBerry QNX Software Development Platform up to 6.5.0 SP1 (Operating System). It has been classified as problematic. Affected is an unknown functionality of the file /proc of the component procfs Service. The...
Author: VulDB

Realization Concerto Critical Chain Planner 5.10.8071 taskdetails.aspx projectname sql injection

A vulnerability was found in Realization Concerto Critical Chain Planner 5.10.8071 and classified as critical. This issue affects an unknown function of the file taskupdt/taskdetails.aspx. The manipulation of the argument projectname as part of...
Author: VulDB

Snapview Mikogo up to 5.10.1 on Windows privilege escalation

A vulnerability has been found in Snapview Mikogo up to 5.10.1 on Windows and classified as critical. This vulnerability affects some unknown processing. The manipulation with an unknown input leads to a privilege escalation vulnerability. The...
Author: VulDB

NetFilter 1.8.2 iptables-restore xshared.c add_param_to_argv memory corruption

A vulnerability, which was classified as critical, was found in NetFilter 1.8.2. This affects the function add_param_to_argv of the file xshared.c of the component iptables-restore. The manipulation with an unknown input leads to a memory...
Author: VulDB

CERTFR-2019-AVI-330: Multiple vulnerabilities in the SUSE Linux kernel (12 July 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security issue not specified by the vendor, a denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-329: Multiple vulnerabilities in Asterisk (12 July 2019)

Multiple vulnerabilities have been discovered in Asterisk. They allow an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2019-AVI-328: Multiple vulnerabilities in Mozilla Thunderbird (12 July 2019)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the...
Author: Cert FR

BroadLearning eClass up to ip.2.5.10.2.0 URL download_attachment.php weak authentication

A vulnerability, which was classified as problematic, has been found in BroadLearning eClass up to ip.2.5.10.2.0. Affected by this issue is an unknown code of the file download_attachment.php of the component URL Handler. The manipulation with...
Author: VulDB

Alarm.com ADC-V522IR 0100b9 Access Control privilege escalation

A vulnerability classified as critical was found in Alarm.com ADC-V522IR 0100b9. Affected by this vulnerability is an unknown part of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Avaya Control Manager up to 7.x/8.0.3.x sql injection [CVE-2019-7003]

A vulnerability classified as critical has been found in Avaya Control Manager up to 7.x/8.0.3.x. Affected is some unknown functionality. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue...
Author: VulDB

VMware ESXi 6.5 hostd denial of service

A vulnerability was found in VMware ESXi 6.5 (Virtualization Software). It has been rated as problematic. This issue affects an unknown functionality of the component hostd. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

IBM Content Navigator 3.0CD Configuration File information disclosure

A vulnerability was found in IBM Content Navigator 3.0CD. It has been declared as problematic. This vulnerability affects an unknown function of the component Configuration File Handler. The manipulation with an unknown input leads to a...
Author: VulDB

IBM Jazz for Service Management 1.1.3/1.1.3.2 URL information disclosure

A vulnerability was found in IBM Jazz for Service Management 1.1.3/1.1.3.2. It has been classified as problematic. This affects some unknown processing of the component URL Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

IBM Application Performance Management 8.1.4 DNS Lookup Server-Side Request Forgery

A vulnerability was found in IBM Application Performance Management 8.1.4 and classified as critical. Affected by this issue is an unknown code block of the component DNS Lookup Handler. The manipulation with an unknown input leads to a...
Author: VulDB

IBM Multicloud Manager 3.1.0/3.1.1/3.1.2 ibm-mcm-chart information disclosure

A vulnerability has been found in IBM Multicloud Manager 3.1.0/3.1.1/3.1.2 (Cloud Software) and classified as problematic. Affected by this vulnerability is an unknown code of the component ibm-mcm-chart. The manipulation with an unknown input...
Author: VulDB

Openshift Container Platform Reflected cross site scripting [CVE-2019-3889]

A vulnerability, which was classified as problematic, was found in Openshift Container Platform (Virtualization Software) (version unknown). Affected is an unknown part. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

ZTE MW NR8000V2.4.4.03/NR8000V2.4.4.04 directory traversal [CVE-2019-3415]

A vulnerability classified as problematic was found in ZTE MW NR8000V2.4.4.03/NR8000V2.4.4.04. This vulnerability affects an unknown functionality. The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.

Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer


A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises stand more than ever as the must-attend gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
