Thursday 18 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

TeamPass up to 2.1.27 Password Storage Side-Channel information disclosure

A vulnerability classified as problematic was found in TeamPass up to 2.1.27. This vulnerability affects the functionality of the component Password Storage. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

Recon-ng up to 4.9.4 CSV modules/reporting/csv.py Remote Code Execution

A vulnerability classified as critical has been found in Recon-ng up to 4.9.4. This affects an unknown function of the file modules/reporting/csv.py of the component CSV Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

PoDoFo 0.9.6 PDF Document GetObject denial of service

A vulnerability was found in PoDoFo 0.9.6 (Document Reader Software). It has been rated as problematic. Affected by this issue is the function GetObject of the component PDF Document Handler. The manipulation with an unknown input leads to a...
Author: VulDB

IBM Security Identity Manager 7.0.1 XML Data XML External Entity

A vulnerability was found in IBM Security Identity Manager 7.0.1. It has been declared as critical. Affected by this vulnerability is a code block of the component XML Data Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

IBM Security Identity Manager 7.0.1 Logout Session Token weak authentication

A vulnerability was found in IBM Security Identity Manager 7.0.1. It has been classified as critical. Affected is code of the component Logout Handler. The manipulation with an unknown input leads to a weak authentication vulnerability (Session...
Author: VulDB

IBM App Connect XML Data XML External Entity [CVE-2018-1801]

A vulnerability was found in IBM App Connect, Integration Bus and WebSphere Message Broker (Application Server Software) and classified as critical. This issue affects a part of the component XML Data Handler. The manipulation with an unknown...
Author: VulDB

IBM Tivoli Application Dependency Discovery Manager 7.2.2/7.3 Password Hash Memory information disclosure

A vulnerability has been found in IBM Tivoli Application Dependency Discovery Manager 7.2.2/7.3 (Directory Service Software) and classified as problematic. This vulnerability affects a functionality of the component Password Hash. The...
Author: VulDB

Dell OS10 up to 10.4.2.0 CLI unknown vulnerability [CVE-2018-15778]

A vulnerability, which was classified as problematic, was found in Dell OS10 up to 10.4.2.0. This affects a function of the component CLI. The impact remains unknown. The summary by CVE is: Dell OS10 versions prior to 10.4.2.1 contain a...
Author: VulDB

PySpark 1.x/2.0.x/2.1.x/2.2.0 to 2.2.2/2.3.0 to 2.3.1 Impersonation spoofing

A vulnerability was found in PySpark 1.x/2.0.x/2.1.x/2.2.0 to 2.2.2/2.3.0 to 2.3.1. It has been classified as critical. This affects code. The manipulation with an unknown input leads to a spoofing vulnerability (Impersonation). CWE is...
Author: VulDB

Fastnet SA MailCleaner 2018092601 Web Application search command injection

A vulnerability was found in Fastnet SA MailCleaner 2018092601 and classified as critical. Affected by this issue is a part of the file /admin/managetracing/search/search of the component Web Application. The manipulation with an unknown input...
Author: VulDB

FreeBSD CVSWeb 2.x cross site scripting [CVE-2018-1000998]

A vulnerability has been found in FreeBSD CVSWeb 2.x (Operating System) and classified as problematic. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability. The...
Author: VulDB

Audacity 2.1.2 DLL avformat-55.dll privilege escalation

A vulnerability, which was classified as problematic, was found in Audacity 2.1.2. Affected is a function in the library avformat-55.dll of the component DLL Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

DT Register Extension up to 2.8.17/3.1.11 on Joomla index.php sql injection

A vulnerability, which was classified as critical, has been found in DT Register Extension up to 2.8.17/3.1.11 on Joomla. This issue affects some functionality of the file /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events. The...
Author: VulDB

IBM Security Identity Manager up to 6.0/7.0 Code Injection privilege escalation

A vulnerability classified as critical has been found in IBM Security Identity Manager up to 6.0/7.0. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Injection). CWE is...
Author: VulDB

SPICE up to 0.14.1 Out-of-Bounds memory corruption

A vulnerability was found in SPICE up to 0.14.1. It has been rated as critical. This issue affects some processing. The manipulation with an unknown input leads to a memory corruption vulnerability (Out-of-Bounds). Using CWE to declare the...
Author: VulDB

Debian tmpreaper 1.6.13+nmu1 /etc/cron.d/ rename() privilege escalation

A vulnerability was found in Debian tmpreaper 1.6.13+nmu1. It has been declared as critical. This vulnerability affects the function rename() of the file /etc/cron.d/. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

OPT NET BV NG-NetMS up to 3.6-2 index.php id/operation cross site scripting

A vulnerability was found in OPT NET BV NG-NetMS up to 3.6-2 (Transport Management Software). It has been classified as problematic. This affects code in the library /js/libs/jstree/demo/filebrowser/index.php. The manipulation of the argument...
Author: VulDB

OPT NET BV BV OPTOSS Next Gen Network Management System up to 3.6-2 id/id_access_type/id_attr_access sql injection

A vulnerability was found in OPT NET BV BV OPTOSS Next Gen Network Management System up to 3.6-2 and classified as critical. Affected by this issue is a part. The manipulation of the argument id/id_access_type/id_attr_access as part of a...
Author: VulDB

Taoensso Sente up to 1.13.x cross site request forgery [CVE-2019-1000022]

A vulnerability has been found in Taoensso Sente up to 1.13.x and classified as problematic. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a cross site request forgery vulnerability. The CWE...
Author: VulDB

slixmpp up to 1.4.1 XEP-0223 Plugin privilege escalation

A vulnerability, which was classified as critical, was found in slixmpp up to 1.4.1 (Messaging Software). Affected is a function of the component XEP-0223 Plugin. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

libarchive 2.8.0 archive_read_support_format_iso9660.c read_CE()/parse_rockridge() denial of service

A vulnerability, which was classified as problematic, has been found in libarchive 2.8.0 (Document Reader Software). This issue affects the function read_CE()/parse_rockridge() of the file archive_read_support_format_iso9660.c. The manipulation ...
Author: VulDB

libarchive 3.0.2 7zip File archive_read_support_format_7zip.c header_bytes() denial of service

A vulnerability classified as problematic was found in libarchive 3.0.2 (Document Reader Software). This vulnerability affects the function header_bytes() of the file archive_read_support_format_7zip.c of the component 7zip File Handler. The...
Author: VulDB

rssh 2.3.4 command injection [CVE-2019-1000018]

A vulnerability classified as critical has been found in rssh 2.3.4 (SSH Server Software). This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Command Injection). CWE is...
Author: VulDB

Chamilo-lms up to 1.11.8 Access Control ticket_id information disclosure

A vulnerability was found in Chamilo-lms up to 1.11.8 (Content Management System). It has been rated as problematic. Affected by this issue is some processing of the component Access Control. The manipulation of the argument ticket_id with an...
Author: VulDB

FFmpeg 4.1 libavcodec/cbs_av1.c denial of service

A vulnerability was found in FFmpeg 4.1 (Multimedia Processing Software). It has been declared as problematic. Affected by this vulnerability is a code block of the file libavcodec/cbs_av1.c. The manipulation with an unknown input leads to a...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated site.

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-ones, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the must-attend gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition accordingly set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated site.
