Thursday 18 July 2019

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Mozilla Firefox/Thunderbird/Firefox ESR Inter-Process Communication weak authentication

A vulnerability classified as critical was found in Mozilla Firefox, Thunderbird and Firefox ESR (Web Browser). Affected by this vulnerability is the functionality of the component Inter-Process Communication. The manipulation with an unknown...
Author: VulDB

Mozilla Firefox up to 64 Texture Client Out-of-Bounds memory corruption

A vulnerability classified as critical has been found in Mozilla Firefox up to 64 (Web Browser). Affected is an unknown function of the component Texture Client Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Mozilla Firefox up to 64 Audio Buffer Crash denial of service

A vulnerability was found in Mozilla Firefox up to 64 (Web Browser). It has been rated as problematic. This issue affects some processing of the component Audio Buffer. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Mozilla Firefox up to 64 memory corruption [CVE-2018-18502]

A vulnerability was found in Mozilla Firefox up to 64 (Web Browser). It has been declared as critical. This vulnerability affects a code block. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition...
Author: VulDB

Mozilla Firefox/Thunderbird/Firefox ESR memory corruption [CVE-2018-18501]

A vulnerability was found in Mozilla Firefox, Thunderbird and Firefox ESR (Web Browser). It has been classified as critical. This affects code. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying...
Author: VulDB

Kunbus PR100088 Modbus Gateway up to R02 FTP Service XML information disclosure

A vulnerability was found in Kunbus PR100088 Modbus Gateway up to R02 and classified as problematic. Affected by this issue is a part of the component FTP Service. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Kunbus PR100088 Modbus Gateway up to R02 HTTP weak encryption

A vulnerability has been found in Kunbus PR100088 Modbus Gateway up to R02 and classified as critical. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a weak encryption vulnerability (HTTP). The...
Author: VulDB

Kunbus PR100088 Modbus Gateway prior R02 FTP Service Request denial of service

A vulnerability, which was classified as critical, was found in Kunbus PR100088 Modbus Gateway. Affected is a function of the component FTP Service. The manipulation as part of a Request leads to a denial of service vulnerability. CWE is...
Author: VulDB

Kunbus PR100088 Modbus Gateway prior R02 Web Interface weak authentication

A vulnerability, which was classified as critical, has been found in Kunbus PR100088 Modbus Gateway. This issue affects some functionality of the component Web Interface. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Kunbus PR100088 Modbus Gateway prior R02 Password Reset weak authentication

A vulnerability classified as critical was found in Kunbus PR100088 Modbus Gateway. This vulnerability affects the functionality. The manipulation with an unknown input leads to a weak authentication vulnerability (Password Reset). The CWE...
Author: VulDB

Oversight of administrative website blocking: first decision issued following a referral by the qualified person

Following a referral by Mr Alexandre Linden, the qualified person designated by the CNIL and in charge of overseeing the administrative blocking of websites that incite or glorify acts of terrorism, or that contain child sexual abuse material, the...
Author: Cnil

CERTFR-2019-AVI-043: Vulnerability in Prim’X Zed! (4 February 2019)

A vulnerability has been discovered in Prim’X Zed!. It allows an attacker to compromise data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-042: Multiple vulnerabilities in the SUSE Linux kernel (4 February 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a remote denial of service, a denial of service, and a security policy bypass.

Author: Cert FR

Live555 prior 2019.02.03 liblivemedia RTSP Stream Use-After-Free memory corruption

A vulnerability classified as critical was found in Live555. Affected by this vulnerability is the functionality of the component liblivemedia. The manipulation as part of an RTSP Stream leads to a memory corruption vulnerability...
Author: VulDB

Hex Package Manager up to 0.18.2 Code Execution [CVE-2019-1000012]

A vulnerability, which was classified as critical, was found in Hex Package Manager up to 0.18.2. This affects a function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). CWE is classifying...
Author: VulDB

API Platform up to 2.3.5 Access Control denial of service

A vulnerability, which was classified as problematic, has been found in API Platform up to 2.3.5. Affected by this issue is some functionality of the component Access Control. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

phpipam up to 1.3.2 subnet-scan-telnet.php cross site scripting

A vulnerability classified as problematic was found in phpipam up to 1.3.2. Affected by this vulnerability is the functionality of the file subnet-scan-telnet.php. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Helm ChartMuseum up to 0.8.0 HTTP API POST Request directory traversal

A vulnerability classified as critical has been found in Helm ChartMuseum up to 0.8.0. Affected is an unknown function of the component HTTP API. The manipulation as part of a POST Request leads to a directory traversal vulnerability. CWE is...
Author: VulDB

Helm up to 2.12.1 Archive File directory traversal

A vulnerability was found in Helm up to 2.12.1. It has been rated as critical. This issue affects some processing. The manipulation as part of an Archive File leads to a directory traversal vulnerability. Using CWE to declare the problem leads to...
Author: VulDB

aioxmpp up to 0.10.2 Stanza Parser denial of service

A vulnerability was found in aioxmpp up to 0.10.2 (Messaging Software). It has been declared as problematic. This vulnerability affects a code block of the component Stanza Parser. The manipulation with an unknown input leads to a denial of...
Author: VulDB

RIOT RIOT-OS DNS Protocol sock_dns memory corruption

A vulnerability was found in RIOT RIOT-OS. It has been classified as critical. This affects the function sock_dns of the component DNS Protocol Handler. The manipulation with an unknown input leads to a memory corruption vulnerability (Code...
Author: VulDB

mPDF up to 7.1.7 Deserialization Image/ImageProcessor getImage() PDF File Code Execution

A vulnerability was found in mPDF up to 7.1.7 and classified as critical. Affected by this issue is the function getImage() of the file Image/ImageProcessor of the component Deserialization. The manipulation as part of a PDF File leads to a...
Author: VulDB

yugandhargangu JspMyAdmin2 up to 1.0.6 Stored cross site scripting

A vulnerability has been found in yugandhargangu JspMyAdmin2 up to 1.0.6 and classified as problematic. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

MapSVG Lite 3.2.3 REST Endpoint admin-ajax.php cross site request forgery

A vulnerability, which was classified as problematic, was found in MapSVG Lite 3.2.3. Affected is a function of the file /wp-admin/admin-ajax.php?action=mapsvg_save of the component REST Endpoint. The manipulation with an unknown input leads to...
Author: VulDB

Gitea up to 1.6.2 Access Control privilege escalation

A vulnerability, which was classified as critical, has been found in Gitea up to 1.6.2 (Versioning Software). This issue affects some functionality of the component Access Control. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the must-attend gathering for all cybersecurity professionals. Like the market, which never stops evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
