Tuesday 21 May 2019

Our selection of IT security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco NX-OS NX-API Sandbox Interface cross site scripting [CVE-2019-1733]

A vulnerability was found in Cisco NX-OS (Router Operating System) (unknown version) and classified as problematic. This issue affects a part of the component NX-API Sandbox Interface. The manipulation with an unknown input leads to a cross...
Author: VulDB

Cisco NX-OS Remote Package Manager TOCTOU privilege escalation

A vulnerability has been found in Cisco NX-OS (Router Operating System) (the affected version is unknown) and classified as critical. This vulnerability affects a functionality of the component Remote Package Manager. The manipulation with an...
Author: VulDB

Cisco NX-OS SSH CLI Key Management information disclosure [CVE-2019-1731]

A vulnerability, which was classified as problematic, was found in Cisco NX-OS (Router Operating System) (the affected version unknown). This affects a function of the component SSH CLI Key Management. The manipulation with an unknown input...
Author: VulDB

Cisco NX-OS Bash Shell privilege escalation [CVE-2019-1730]

A vulnerability, which was classified as critical, has been found in Cisco NX-OS (Router Operating System) (affected version not known). Affected by this issue is some functionality of the component Bash Shell. The manipulation with an unknown...
Author: VulDB

Cisco NX-OS CLI privilege escalation [CVE-2019-1729]

A vulnerability classified as critical was found in Cisco NX-OS (Router Operating System) (affected version unknown). Affected by this vulnerability is the functionality of the component CLI. The manipulation with an unknown input leads to a...
Author: VulDB

Cisco NX-OS/FXOS Secure Configuration Validation privilege escalation

A vulnerability classified as critical has been found in Cisco NX-OS and FXOS (Router Operating System) (version unknown). Affected is an unknown function of the component Secure Configuration Validation. The manipulation with an unknown input...
Author: VulDB

Cisco NX-OS Python Subsystem Parameter privilege escalation

A vulnerability was found in Cisco NX-OS (Router Operating System) (unknown version). It has been rated as critical. This issue affects some processing of the component Python Subsystem. The manipulation as part of a Parameter leads to a...
Author: VulDB

Cisco NX-OS CLI privilege escalation [CVE-2019-1726]

A vulnerability was found in Cisco NX-OS (Router Operating System) (the affected version is unknown). It has been declared as critical. This vulnerability affects a code block of the component CLI. The manipulation with an unknown input leads...
Author: VulDB

Cisco Video Surveillance Manager Web-based Management Interface Parameter information disclosure

A vulnerability was found in Cisco Video Surveillance Manager (Video Surveillance Software) (the affected version unknown). It has been classified as problematic. This affects code of the component Web-based Management Interface. The...
Author: VulDB

Linux Kernel up to 5.1.2 fs/ext4/extents.c information disclosure

A vulnerability was found in Linux Kernel up to 5.1.2 (Operating System) and classified as problematic. Affected by this issue is a part of the file fs/ext4/extents.c. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Harman AMX MVP5150 2.87.13 OS Command Injection privilege escalation

A vulnerability has been found in Harman AMX MVP5150 2.87.13 and classified as critical. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability (OS Command...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.7.9/11.8.5/11.9.3 .gitlab-ci.yml refs denial of service

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 11.7.9/11.8.5/11.9.3. Affected is a function of the file .gitlab-ci.yml. The manipulation of the argument refs with an...
Author: VulDB

nanosvg src/nanosvg.h nsvg__parseColorRGB SVG File memory corruption

A vulnerability, which was classified as critical, has been found in nanosvg (unknown version). This issue affects the function nsvg__parseColorRGB of the file src/nanosvg.h. The manipulation as part of an SVG File leads to a memory corruption...
Author: VulDB

Capstone 3.0.4 arch/X86/X86Mapping.c X86_insn_reg_intel memory corruption

A vulnerability classified as critical was found in Capstone 3.0.4. This vulnerability affects the function X86_insn_reg_intel of the file arch/X86/X86Mapping.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Red Hat KIE Server/Business Central up to 7.20.x Password Storage Plaintext weak encryption

A vulnerability classified as critical has been found in Red Hat KIE Server and Business Central up to 7.20.x. This affects an unknown function of the component Password Storage. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

TP-LINK Archer CR-700 up to 1.0.6 DHCP Request cross site scripting

A vulnerability was found in TP-LINK Archer CR-700 up to 1.0.6. It has been rated as problematic. Affected by this issue is some processing of the component DHCP Request Handler. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Bilboplanet 2.0 signup.php fullname cross site scripting

A vulnerability was found in Bilboplanet 2.0. It has been declared as problematic. Affected by this vulnerability is a code block of the file signup.php. The manipulation of the argument fullname as part of a Parameter leads to a cross site...
Author: VulDB

Bilboplanet 2.0 signup.php user_id cross site scripting

A vulnerability was found in Bilboplanet 2.0. It has been classified as problematic. Affected is code of the file signup.php. The manipulation of the argument user_id as part of a Parameter leads to a cross site scripting vulnerability (Stored)....
Author: VulDB

Bilboplanet 2.0 user/ tags cross site scripting

A vulnerability was found in Bilboplanet 2.0 and classified as problematic. This issue affects a part of the file user/?page=tribes. The manipulation of the argument tags as part of a Parameter leads to a cross site scripting vulnerability...
Author: VulDB

Xstream API up to 1.4.10 Security Framework XML Data Shell privilege escalation

A vulnerability has been found in Xstream API up to 1.4.10 and classified as critical. This vulnerability affects a functionality of the component Security Framework. The manipulation as part of an XML Data leads to a privilege escalation...
Author: VulDB

Cisco Releases Security Updates for Multiple Products

Original release date: May 15, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

CERTFR-2019-ALE-007: Vulnerability in the Windows DHCP server (15 May 2019)

On 14 May 2019, in its monthly update, Microsoft released a patch for a vulnerability identified as CVE-2019-0725 [1]. This vulnerability allows an unauthenticated attacker to execute arbitrary code remotely...
Author: Cert FR

LibNyoci 0.07.00rc1 Packet coap.c denial of service

A vulnerability, which was classified as problematic, was found in LibNyoci 0.07.00rc1. This affects a function of the file coap.c of the component Packet Handler. The manipulation with an unknown input leads to a denial of service vulnerability...
Author: VulDB

CERTFR-2019-AVI-226: Multiple vulnerabilities in lemonldap-ng (15 May 2019)

Multiple vulnerabilities have been discovered in lemonldap-ng. They allow an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2019-ALE-006: Vulnerability in Microsoft Remote Desktop Services (15 May 2019)

On 14 May 2019, in its monthly update, Microsoft released a patch for a vulnerability identified as CVE-2019-0708 [1]. This vulnerability, which affects Remote Desktop Services (RDS), allows...
Author: Cert FR

IT security events

READY FOR IT

The first edition of Ready For IT takes place from 20 to 22 May 2019 in Monaco (Grimaldi Forum): conferences, keynotes, workshops and one-to-one meetings. Organized by DG Consultants.

Presentation of the event by the organizer

DG Consultants, organizer of the Assises de la Sécurité for 18 years, is innovating by launching Ready For It, a new business event centred on the convergence of technologies and the customer experience.
Why this new event?
Because demand is exploding from companies, all of which are engaged in digital transformation.
Meanwhile, vendors are evolving their offerings and organizing themselves into technology ecosystems in order to be as close as possible to their customers' needs.
Between business imperatives, requests from business units, technical constraints and the promises of new concepts (AI, blockchain…), organizations are waiting for solutions, advice and service.
Commit to the cloud?
Yes, but how, and with which partner?
Structure data, but with which technologies and within what framework? And what about security, which must now be at the heart of all IT processes?
That is why DG Consultants, the reference in the world of business meetings, designed Ready For It.
To bring together, in a friendly setting and around quality content, all the major players in IT, as well as the start-ups that bring innovation and "disruption".
See you from 20 to 22 May 2019 in Monaco!

More information on the event's dedicated website.

HACK IN PARIS

For its 9th edition, the Hack In Paris conference on IT security is held from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.
