Tuesday 16 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco Releases Security Updates for Multiple Products

Original release date: July 10, 2019. Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a...
Author: US Cert

CERTFR-2019-AVI-323: Multiple vulnerabilities in Intel products (10 July 2019)

Multiple vulnerabilities have been discovered in Intel products. They allow an attacker to cause a denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

Mailvelope up to 3.2.x Public Key Import Obscure privilege escalation

A vulnerability has been found in Mailvelope up to 3.2.x and classified as problematic. This vulnerability affects an unknown functionality of the component Public Key Import. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Mailvelope up to 3.2.x Private Key privilege escalation

A vulnerability, which was classified as critical, was found in Mailvelope up to 3.2.x. This affects an unknown function of the component Private Key Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Mailvelope up to 3.2.x Key Import Message weak authentication

A vulnerability, which was classified as critical, has been found in Mailvelope up to 3.2.x. Affected by this issue is some unknown processing of the component Key Import. The manipulation as part of a Message leads to a weak authentication...
Author: VulDB

Mailvelope up to 3.0.x Settings Page Clickjacking privilege escalation

A vulnerability classified as critical was found in Mailvelope up to 3.0.x. Affected by this vulnerability is an unknown code block of the component Settings Page. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

XAMPP 1.7.0 iart.php cross site scripting

A vulnerability classified as problematic has been found in XAMPP 1.7.0. Affected is an unknown code of the file iart.php. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the issue as...
Author: VulDB

Arlo Basestation up to 1.12.0.1_27940 Serial Interface Default Credentials weak authentication

A vulnerability was found in Arlo Basestation up to 1.12.0.1_27940. It has been declared as critical. This vulnerability affects some unknown functionality of the component Serial Interface. The manipulation with an unknown input leads to a weak...
Author: VulDB

Arlo Basestation up to 1.12.0.1_27940 Network Interface privilege escalation

A vulnerability was found in Arlo Basestation up to 1.12.0.1_27940. It has been classified as critical. This affects an unknown functionality of the component Network Interface Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Yoast SEO Plugin up to 11.6-RC4 on WordPress Term Description privilege escalation

A vulnerability was found in Yoast SEO Plugin up to 11.6-RC4 on WordPress (WordPress Plugin) and classified as critical. Affected by this issue is an unknown function of the component Term Description Handler. The manipulation with an unknown...
Author: VulDB

MobaXterm 11.1 URI -hideterm/-exitwhendone command injection

A vulnerability has been found in MobaXterm 11.1 (Windowing System Software) and classified as critical. Affected by this vulnerability is some unknown processing of the component URI Handler. The manipulation of the argument...
Author: VulDB

PHPWind 9.1.0 index.php c/m cross site scripting

A vulnerability, which was classified as problematic, was found in PHPWind 9.1.0. Affected is an unknown code block of the file index.php. The manipulation of the argument c/m as part of a Parameter leads to a cross site scripting vulnerability....
Author: VulDB

MatrixSSL up to 4.2.0 ASN.1 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in MatrixSSL up to 4.2.0. This issue affects an unknown code of the component ASN.1 Handler. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

OWASP ModSecurity Core Rule Set 3.0.2 PHP Script Upload Rule privilege escalation

A vulnerability classified as critical was found in OWASP ModSecurity Core Rule Set 3.0.2. This vulnerability affects an unknown part of the component PHP Script Upload Rule Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

PrestaShop up to 1.7.6.0 RC1 id_address_delivery/id_address_invoice privilege escalation

A vulnerability classified as critical has been found in PrestaShop up to 1.7.6.0 RC1 (E-Commerce Management Software). This affects some unknown functionality. The manipulation of the argument id_address_delivery/id_address_invoice as part of a...
Author: VulDB

KEYNTO Team Password Manager 1.5.0 Online Vault cross site scripting

A vulnerability was found in KEYNTO Team Password Manager 1.5.0. It has been rated as problematic. Affected by this issue is an unknown functionality of the component Online Vault. The manipulation with an unknown input leads to a cross site...
Author: VulDB

WESEEK GROWI up to 3.4.x Password Hash information disclosure

A vulnerability was found in WESEEK GROWI up to 3.4.x. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Password Hash. The manipulation with an unknown input leads to an information...
Author: VulDB

WESEEK GROWI up to 3.4.x access_token weak authentication

A vulnerability was found in WESEEK GROWI up to 3.4.x. It has been classified as critical. Affected is some unknown processing. The manipulation of the argument access_token as part of a Parameter leads to a weak authentication vulnerability....
Author: VulDB

TRENDnet TEW-827DRU up to 2.04B03 Ping Stack-based memory corruption

A vulnerability was found in TRENDnet TEW-827DRU up to 2.04B03 and classified as critical. This issue affects an unknown code block of the component Ping Handler. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

TRENDnet TEW-827DRU up to 2.04B03 Setup Wizard privilege escalation

A vulnerability has been found in TRENDnet TEW-827DRU up to 2.04B03 and classified as critical. This vulnerability affects an unknown code of the component Setup Wizard. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

field_test Gem 0.3.0 on Ruby privilege escalation [CVE-2019-13146]

A vulnerability, which was classified as critical, was found in field_test Gem 0.3.0 on Ruby (Ruby Gem). This affects an unknown part. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the...
Author: VulDB

Razer Surround 1.1.63.0 RzSurroundVADStreamingService.exe privilege escalation

A vulnerability, which was classified as problematic, has been found in Razer Surround 1.1.63.0. Affected by this issue is some unknown functionality of the file RzSurroundVADStreamingService.exe. The manipulation with an unknown input leads to...
Author: VulDB

CyberPower PowerPanel Business Edition 3.4.0 Agent/Center Stored cross site scripting

A vulnerability classified as problematic was found in CyberPower PowerPanel Business Edition 3.4.0. Affected by this vulnerability is an unknown functionality of the component Agent/Center. The manipulation with an unknown input leads to a...
Author: VulDB

HPE 3PAR Service Processor 4.1/4.2/4.3/4.4 information disclosure

A vulnerability classified as problematic has been found in HPE 3PAR Service Processor 4.1/4.2/4.3/4.4. Affected is an unknown function. The manipulation with an unknown input leads to an information disclosure vulnerability. CWE is classifying...
Author: VulDB

Contao 4.x sql injection [CVE-2019-11512]

A vulnerability was found in Contao 4.x. It has been rated as critical. This issue affects some unknown processing. The manipulation with an unknown input leads to a sql injection vulnerability. Using CWE to declare the problem leads to CWE-89....
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the unmissable gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and feedback from experience.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
