lundi 19 août 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-141 : Multiples vulnérabilités dans Apache Httpd (02 avril 2019)

De multiples vulnérabilités ont été découvertes dans Apache Httpd. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la...
Auteur: Cert FR

CERTFR-2019-AVI-140 : Vulnérabilité dans Fortinet FortiClient Mac (02 avril 2019)

Une vulnérabilité a été découverte dans Fortinet FortiClient Mac. Elle permet à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

TONGDA Office Anywhere 10.18.190121 work_handle.php run_id sql injection

A vulnerability has been found in TONGDA Office Anywhere 10.18.190121 and classified as critical. This vulnerability affects a functionality of the file general/approve_center/list/input_form/work_handle.php. The manipulation of the argument...
Auteur: VulDB

VMware Workstation/Fusion e1000 Virtual Network Adapte Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in VMware Workstation and Fusion (Virtualization Software). This affects a function of the component e1000 Virtual Network Adapte. The manipulation with an unknown input leads to a...
Auteur: VulDB

VMware Workstation/Fusion Virtual Network Adapter Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in VMware Workstation and Fusion (Virtualization Software). Affected by this issue is some functionality of the component Virtual Network Adapter. The manipulation with an unknown...
Auteur: VulDB

IBM Tivoli Storage Manager 8.1.7 on Windows Web User Interface privilege escalation

A vulnerability classified as critical was found in IBM Tivoli Storage Manager 8.1.7 on Windows (Backup Software). Affected by this vulnerability is the functionality of the component Web User Interface. The manipulation with an unknown input...
Auteur: VulDB

IBM WebSphere Application Server 7.5/8.0/8.5/9.0 Admin Console CPU Exhaustion denial of service

A vulnerability classified as critical has been found in IBM WebSphere Application Server 7.5/8.0/8.5/9.0 (Application Server Software). Affected is an unknown function of the component Admin Console. The manipulation with an unknown input leads...
Auteur: VulDB

IBM Sterling B2B Integrator Standard Edition 5.2.0/6.0.0.0 XML Data XML External Entity

A vulnerability was found in IBM Sterling B2B Integrator Standard Edition 5.2.0/6.0.0.0 (File Transfer Software). It has been rated as critical. This issue affects some processing of the component XML Data Handler. The manipulation with an...
Auteur: VulDB

ktlint up to 0.29.x Code Execution [CVE-2019-1010260]

A vulnerability was found in ktlint up to 0.29.x. It has been classified as critical. This affects code. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). CWE is classifying the issue as...
Auteur: VulDB

IBM InfoSphere Information Server 11.3/11.5/11.7 JSP File information disclosure

A vulnerability was found in IBM InfoSphere Information Server 11.3/11.5/11.7 (Reporting Software) and classified as problematic. Affected by this issue is a part of the component JSP File Handler. The manipulation with an unknown input leads to...
Auteur: VulDB

IBM InfoSphere Information Server 11.3/11.5/11.7 HTTP Request unknown vulnerability

A vulnerability has been found in IBM InfoSphere Information Server 11.3/11.5/11.7 (Reporting Software) and classified as problematic. The manipulation as part of a HTTP Request leads to a unknown weakness. The CWE definition for the...
Auteur: VulDB

IBM API Connect up to 5.0.8.5 information disclosure [CVE-2018-1874]

A vulnerability, which was classified as problematic, was found in IBM API Connect up to 5.0.8.5. Affected is a function. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as...
Auteur: VulDB

IBM 2.2.1 Password Policy weak authentication

A vulnerability, which was classified as critical, has been found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1. This issue affects some functionality of the component Password Policy. The manipulation with an unknown input...
Auteur: VulDB

IBM 2.2.1 Request privilege escalation

A vulnerability classified as critical was found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1. This vulnerability affects the functionality. The manipulation as part of a Request leads to a privilege escalation...
Auteur: VulDB

IBM 2.2.1 Session Fixation weak authentication

A vulnerability classified as critical has been found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1. This affects an unknown function. The manipulation with an unknown input leads to a weak authentication vulnerability...
Auteur: VulDB

IBM 2.2.1 Error Message information disclosure

A vulnerability was found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1. It has been rated as problematic. Affected by this issue is some processing of the component Error Message Handler. The manipulation with an unknown...
Auteur: VulDB

IBM 2.2.1 Web Page Storage information disclosure

A vulnerability was found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1. It has been declared as problematic. Affected by this vulnerability is a code block of the component Web Page Storage. The manipulation with an...
Auteur: VulDB

IBM 2.2.1 cross site request forgery [CVE-2018-1622]

A vulnerability was found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1. It has been classified as problematic. Affected is code. The manipulation with an unknown input leads to a cross site request forgery vulnerability....
Auteur: VulDB

IBM 2.2.1 Request privilege escalation

A vulnerability was found in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 and classified as critical. This issue affects a part. The manipulation with the input value /../ leads to a privilege escalation vulnerability. Using...
Auteur: VulDB

CNCF CNI 0.7.4 Network Firewall privilege escalation

A vulnerability was found in CNCF CNI 0.7.4. It has been declared as critical. Affected by this vulnerability is a code block of the component Network Firewall. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

SonicWALL SonicOS/SonicOSv TLS CBC Cipher Plaintext weak encryption

A vulnerability was found in SonicWALL SonicOS and SonicOSv (Firewall Software). It has been classified as critical. Affected is code of the component TLS CBC Cipher. The manipulation with an unknown input leads to a weak encryption...
Auteur: VulDB

SonicWALL SonicOS/SonicOSv Routing Service privilege escalation

A vulnerability was found in SonicWALL SonicOS and SonicOSv (Firewall Software) and classified as critical. This issue affects a part of the component Routing Service. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

SonicWALL SonicOS/SonicOSv Certificate privilege escalation [CVE-2019-7474]

A vulnerability has been found in SonicWALL SonicOS and SonicOSv (Firewall Software) and classified as critical. This vulnerability affects a functionality of the component Certificate Handler. The manipulation with an unknown input leads to a...
Auteur: VulDB

ImageMagick up to 7.0.8-31 MagickCore/locale.c LocaleLowercase memory corruption

A vulnerability, which was classified as critical, has been found in ImageMagick up to 7.0.8-31 (Image Processing Software). Affected by this issue is the function LocaleLowercase of the file MagickCore/locale.c. The manipulation with an unknown...
Auteur: VulDB

S-CMS PHP 1.0 scms.php id sql injection

A vulnerability classified as critical was found in S-CMS PHP 1.0 (Content Management System). Affected by this vulnerability is the functionality of the file 4/js/scms.php?action=unlike. The manipulation of the argument id as part of a...
Auteur: VulDB
First269270271272273274275276277278Last

Événements SSI

LES ASSISES

Grand rendez-vous annuel des RSSI, les Assises de la sécurité des systèmes d'information se tiennent à Monaco (Grimaldi Forum) du 9 au 12 octobre 2019. Organisées par DG Consultants.

Présentation par l'organisateur



Retour sur Les Assises 2018

La 18ème édition des Assises de la Sécurité à Monaco, c’est terminé ! Encore merci aux 2800 participants dont les 160 partenaires qui pendant trois jours se sont retrouvés pour faire vivre cet événement unique en France. Conférences, one-to-one, tables-rondes, ateliers, moments de networking… Par leur contenu, par la qualité des visiteurs et par la richesse des échanges, les Assises se positionnent plus que jamais comme le rendez-vous incontournable de tous les professionnels de la cybersécurité. A l’image du marché qui ne cesse d’évoluer, les Assises savent adapter leur offre afin de répondre au mieux aux attentes du secteur. Ainsi cette édition a-t-elle voulu mettre en avant les grands enjeux du moment en multipliant les prises de parole, les démonstrations et les retours d’expérience.

Rendez-vous maintenant pour la prochaine édition qui aura lieu du 9 au 12 octobre 2019

Plus d'informations sur le site dédié à l'événement.

RSS