Thursday 18 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco Unified Intelligence Center Web-based Management Interface cross site scripting

A vulnerability was found in Cisco Unified Intelligence Center. It has been declared as problematic. Affected by this vulnerability is a code block of the component Web-based Management Interface. The manipulation with an unknown input leads to...
Author: VulDB

Cisco TelePresence Management Suite Web-based Management Interface cross site scripting

A vulnerability was found in Cisco TelePresence Management Suite (Unified Communication Software). It has been classified as problematic. Affected is code of the component Web-based Management Interface. The manipulation with an unknown input...
Author: VulDB

Cisco TelePresence Management Suite SOAP privilege escalation

A vulnerability was found in Cisco TelePresence Management Suite (Unified Communication Software) and classified as critical. This issue affects a part of the component SOAP. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

IBM DataPower Gateway Message Injection spoofing

A vulnerability has been found in IBM DataPower Gateway and classified as critical. This vulnerability affects a functionality of the component Message Handler. The manipulation with an unknown input leads to a spoofing vulnerability...
Author: VulDB

Apache Guacamole prior 1.0.0 Cookie Flag weak encryption

A vulnerability, which was classified as problematic, was found in Apache Guacamole. This affects a function of the component Cookie Handler. The manipulation with an unknown input leads to a weak encryption vulnerability (Flag). CWE is...
Author: VulDB

Apple iOS up to 12.1.3 Live Photos in FaceTime unknown vulnerability

A vulnerability classified as problematic was found in Apple iOS up to 12.1.3 (Smartphone Operating System). This vulnerability affects the functionality of the component Live Photos in FaceTime. The impact remains unknown. The weakness was...
Author: VulDB

Apple iOS up to 12.1.3 Foundation memory corruption

A vulnerability was found in Apple iOS up to 12.1.3 (Smartphone Operating System). It has been rated as critical. Affected by this issue is some processing of the component Foundation. The manipulation with an unknown input leads to a memory...
Author: VulDB

Apple iOS up to 12.1.3 IOKit memory corruption

A vulnerability classified as very critical has been found in Apple iOS up to 12.1.3 (Smartphone Operating System). This affects an unknown function of the component IOKit. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Microsoft Releases Security Advisory for Exchange Server

Original release date: February 05, 2019 Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected...
Author: US Cert

CA Automic Workload Automation 12.0 Automic Web Interface Persistent cross site scripting

A vulnerability, which was classified as problematic, was found in CA Automic Workload Automation 12.0. Affected is a function of the component Automic Web Interface. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

gnome-shell 3.15.91 Lock Screen privilege escalation

A vulnerability classified as critical has been found in gnome-shell 3.15.91. This affects an unknown function of the component Lock Screen. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying...
Author: VulDB

rssh up to 2.3.4 Environment Variable privilege escalation

A vulnerability was found in rssh up to 2.3.4 (SSH Server Software). It has been rated as critical. Affected by this issue is some processing. The manipulation as part of an Environment Variable leads to a privilege escalation vulnerability....
Author: VulDB

rssh up to 2.3.4 rsync Argument privilege escalation

A vulnerability was found in rssh up to 2.3.4 (SSH Server Software). It has been declared as critical. Affected by this vulnerability is a code block of the component rsync Handler. The manipulation as part of an Argument leads to a privilege...
Author: VulDB

Warnings Next Generation Plugin up to 1.0.1 on Jenkins DetailsTableModel.java cross site scripting

A vulnerability was found in Warnings Next Generation Plugin up to 1.0.1 on Jenkins. It has been classified as problematic. Affected is code of the file src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java. The manipulation...
Author: VulDB

Monitoring plugin up to 1.74.0 on Jenkins PluginImpl.java denial of service

A vulnerability was found in Monitoring plugin up to 1.74.0 on Jenkins (Network Encryption Software) and classified as problematic. This issue affects a part of the file PluginImpl.java. The manipulation with an unknown input leads to a denial...
Author: VulDB

OpenId Connect Authentication Plugin up to 1.4 on Jenkins config.jelly information disclosure

A vulnerability has been found in OpenId Connect Authentication Plugin up to 1.4 on Jenkins and classified as problematic. This vulnerability affects a functionality of the file OicSecurityRealm/config.jelly. The manipulation with an unknown...
Author: VulDB

Kanboard Plugin up to 1.5.10 on Jenkins KanboardGlobalConfiguration.java GET Request Server-Side Request Forgery

A vulnerability, which was classified as critical, was found in Kanboard Plugin up to 1.5.10 on Jenkins (Forum Software). This affects a function of the file KanboardGlobalConfiguration.java. The manipulation as part of a GET Request leads to a...
Author: VulDB

GitHub Authentication Plugin up to 0.29 on Jenkins GithubSecurityRealm.java weak authentication

A vulnerability, which was classified as critical, has been found in GitHub Authentication Plugin up to 0.29 on Jenkins (Bug Tracking Software). Affected by this issue is some functionality of the file GithubSecurityRealm.java. The manipulation ...
Author: VulDB

GitHub Authentication Plugin up to 0.29 on Jenkins config.jelly information disclosure

A vulnerability classified as problematic was found in GitHub Authentication Plugin up to 0.29 on Jenkins (Bug Tracking Software). Affected by this vulnerability is the functionality of the file GithubSecurityRealm/config.jelly. The manipulation...
Author: VulDB

Job Import Plugin up to 3.0 on Jenkins JobImportAction.java privilege escalation

A vulnerability classified as critical has been found in Job Import Plugin up to 3.0 on Jenkins. Affected is an unknown function of the file JobImportAction.java. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Job Import Plugin up to 2.1 on Jenkins JobImportAction.java information disclosure

A vulnerability was found in Job Import Plugin up to 2.1 on Jenkins. It has been rated as problematic. This issue affects some processing of the file src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java. The manipulation with an...
Author: VulDB

Job Import Plugin up to 2.1 on Jenkins XML Data RestApiClient.java XML External Entity

A vulnerability was found in Job Import Plugin up to 2.1 on Jenkins. It has been declared as critical. This vulnerability affects a code block of the file src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java of the component...
Author: VulDB

Config File Provider Plugin up to 3.4.1 on Jenkins configfiles.jelly cross site scripting

A vulnerability was found in Config File Provider Plugin up to 3.4.1 on Jenkins. It has been classified as problematic. This affects code of the file src/main/resources/lib/configfiles/configfiles.jelly. The manipulation with an unknown input...
Author: VulDB

Blue Ocean Plugin up to 1.10.1 on Jenkins Export.java cross site scripting

A vulnerability was found in Blue Ocean Plugin up to 1.10.1 on Jenkins and classified as problematic. Affected by this issue is a part of the file blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java. The manipulation...
Author: VulDB

Blue Ocean Plugin up to 1.10.1 on Jenkins CSRF Protection bundleStartup.js privilege escalation

A vulnerability has been found in Blue Ocean Plugin up to 1.10.1 on Jenkins and classified as critical. Affected by this vulnerability is a functionality of the file blueocean-core-js/src/js/bundleStartup.js of the component CSRF Protection. The...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises position themselves more than ever as the essential meeting place for all cybersecurity professionals. Like the market, which keeps evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition thus sought to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
