Thursday 18 July 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Pagure 5.2 API Key api_key_expire_mail.py information disclosure

A vulnerability, which was classified as problematic, was found in Pagure 5.2. This affects a function of the file files/api_key_expire_mail.py of the component API Key Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption

A vulnerability classified as critical has been found in Nginx Unit up to 1.7.0 (Web Server). Affected is an unknown function of the component Router Process. The manipulation as part of a Request leads to a memory corruption vulnerability...
Author: VulDB

Kentico 10.0.42 SMTP Configuration Page Cleartext information disclosure [Disputed]

A vulnerability was found in Kentico 10.0.42. It has been rated as problematic. This issue affects some processing of the component SMTP Configuration Page. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication

A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software). This affects an unknown function of the file /etc/gsissh/sshd_config. The manipulation with an unknown input leads to a weak...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_pixels.c Map1toN memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9. It has been rated as critical. Affected by this issue is the function Map1toN of the file video/SDL_pixels.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_surface.c SDL_FillRect memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9. It has been declared as critical. Affected by this vulnerability is the function SDL_FillRect of the file video/SDL_surface.c. The manipulation with an unknown input leads...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_pixels.c SDL_GetRGB memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9. It has been classified as critical. Affected is the function SDL_GetRGB of the file video/SDL_pixels.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_blit_1.c Blit1to4 memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9 and classified as critical. This issue affects the function Blit1to4 of the file video/SDL_blit_1.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Cisco Meeting Server up to 2.3.8 Session Initiation Protocol Messages denial of service

A vulnerability, which was classified as problematic, was found in Cisco Meeting Server up to 2.3.8. This affects a function of the component Session Initiation Protocol. The manipulation as part of a Messages leads to a denial of service...
Author: VulDB

Cisco Identity Services Engine Web-based Management Interface Parameter cross site scripting

A vulnerability, which was classified as problematic, has been found in Cisco Identity Services Engine (Policy Management Software). Affected by this issue is some functionality of the component Web-based Management Interface. The manipulation ...
Author: VulDB

Cisco Web Security Appliance 10.1.x/10.5.x Decryption Policy Default Action privilege escalation

A vulnerability classified as critical was found in Cisco Web Security Appliance 10.1.x/10.5.x (Anti-Malware Software). Affected by this vulnerability is the functionality of the component Decryption Policy Default Action. The manipulation with...
Author: VulDB

Fortinet FortiClientWindows up to 6.0.2 NDIS Miniport Driver NULL Pointer Dereference denial of service

A vulnerability classified as problematic has been found in Fortinet FortiClientWindows up to 6.0.2. Affected is an unknown function of the component NDIS Miniport Driver. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

HelpSystems tcpcrypt up to 6.7.1 on Linux memory corruption [CVE-2018-20764]

A vulnerability was found in HelpSystems tcpcrypt up to 6.7.1 on Linux. It has been rated as critical. This issue affects some processing. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare...
Author: VulDB

Symantec Ghost Solution Suite up to 3.3 DLL privilege escalation

A vulnerability was found in Symantec Ghost Solution Suite up to 3.3 (Operating System). It has been declared as problematic. This vulnerability affects a code block of the component DLL Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Fortinet FortiOS 5.6.0 SSH username Format String

A vulnerability was found in Fortinet FortiOS 5.6.0 (Firewall Software). It has been classified as critical. This affects code of the component SSH. The manipulation of the argument username as part of a Variable leads to a format string...
Author: VulDB

Emsisoft Anti-Malware 2018.8.1.8923 ACL EPP.sys privilege escalation

A vulnerability was found in Emsisoft Anti-Malware 2018.8.1.8923 (Anti-Malware Software) and classified as critical. This issue affects a part in the library EPP.sys of the component ACL Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Hotels_Server up to 2018-11-05 Password Storage controller/fetchpwd.php weak encryption

A vulnerability has been found in Hotels_Server up to 2018-11-05 and classified as critical. This vulnerability affects a functionality of the file controller/fetchpwd.php of the component Password Storage. The manipulation with an unknown input...
Author: VulDB

Apple Releases Multiple Security Updates

Original release date: February 07, 2019 Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities...
Author: US Cert

CERTFR-2019-AVI-046: Vulnerability in Nagios Core 4 (07 February 2019)

A vulnerability has been discovered in Nagios Core 4. It allows an attacker to carry out remote indirect code injection (XSS).
Author: Cert FR

Pie Chart Panel Plugin up to 2019-01-02 on Grafana Legend Data cross site scripting

A vulnerability was found in Pie Chart Panel Plugin up to 2019-01-02 on Grafana. It has been classified as problematic. Affected is code of the component Legend Data Handler. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Apache Hadoop up to 3.0.0 HDFS information disclosure

A vulnerability, which was classified as problematic, has been found in Apache Hadoop up to 3.0.0. Affected by this issue is some functionality of the component HDFS. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Bo-blog Wind up to 1.6.0-r delBlockedBatch comID sql injection

A vulnerability, which was classified as critical, has been found in Bo-blog Wind up to 1.6.0-r (Blog Software). Affected by this issue is the function delBlockedBatch of the file admin.php/comments/batchdel/. The manipulation of the argument...
Author: VulDB

Waimai Super CMS 20150505 PublicAction.class.php param sql injection

A vulnerability classified as critical was found in Waimai Super CMS 20150505 (Content Management System). Affected by this vulnerability is the functionality in the library web/Lib/Action/PublicAction.class.php. The manipulation of the argument...
Author: VulDB

libming up to 0.4.8 util/read.c readBytes SWF File memory corruption

A vulnerability classified as critical has been found in libming up to 0.4.8 (Programming Tool Software). Affected is the function readBytes of the file util/read.c. The manipulation as part of a SWF File leads to a memory corruption...
Author: VulDB

libming up to 0.4.8 util/parser.c parseSWF_ACTIONRECORD SWF File memory corruption

A vulnerability was found in libming up to 0.4.8 (Programming Tool Software). It has been rated as critical. This issue affects the function parseSWF_ACTIONRECORD of the file util/parser.c. The manipulation as part of a SWF File leads to a...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information-security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.

Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking sessions… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the unmissable meeting for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
