Sunday 21 April 2019

Our selection of information-security (SSI) alerts and advisories.
Sources: US-CERT, CERT-EU, CERT-FR, CNIL, VulDB.

Cisco Aironet Access Point 8.8/8.9 CLI information disclosure

A vulnerability classified as problematic has been found in Cisco Aironet Access Point 8.8/8.9 (Wireless LAN Software). Affected is an unknown function of the component CLI. The manipulation with an unknown input leads to an information...
Author: VulDB

Cisco Aironet Control and Provisioning Packet denial of service

A vulnerability was found in Cisco Aironet (Wireless LAN Software). It has been rated as problematic. This issue affects some processing of the component Control and Provisioning. The manipulation as part of a Packet leads to a denial of service...
Author: VulDB

Cisco Email Security Appliance Email Message Scanner privilege escalation

A vulnerability was found in Cisco Email Security Appliance (Anti-Malware Software). It has been declared as critical. This vulnerability affects a code block of the component Email Message Scanner. The manipulation with an unknown input leads...
Author: VulDB

Cisco Wireless LAN Controller LSC Restart denial of service

A vulnerability was found in Cisco Wireless LAN Controller (Wireless LAN Software). It has been classified as problematic. This affects code of the component LSC Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Cisco Aironet CLI privilege escalation [CVE-2019-1829]

A vulnerability was found in Cisco Aironet (Wireless LAN Software) and classified as critical. Affected by this issue is a part of the component CLI. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE...
Author: VulDB

Cisco Aironet QoS Crash denial of service

A vulnerability has been found in Cisco Aironet (Wireless LAN Software) and classified as problematic. Affected by this vulnerability is a functionality of the component QoS. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Cisco Wireless LAN Controller 8.5(140.0) SSH Access Control privilege escalation

A vulnerability, which was classified as critical, was found in Cisco Wireless LAN Controller 8.5(140.0) (Wireless LAN Software). Affected is a function of the component SSH Access Control. The manipulation with an unknown input leads to a...
Author: VulDB

Cisco FirePOWER Management Center 6.2.3/6.3.0/6.4.0 Web-based Management Interface cross site scripting

A vulnerability, which was classified as problematic, has been found in Cisco FirePOWER Management Center 6.2.3/6.3.0/6.4.0 (Firewall Software). This issue affects some functionality of the component Web-based Management Interface. The...
Author: VulDB

Cisco Wireless LAN Controller up to 8.2/8.5/8.8 IAPP Message denial of service

A vulnerability classified as problematic was found in Cisco Wireless LAN Controller up to 8.2/8.5/8.8 (Wireless LAN Software). This vulnerability affects the functionality of the component IAPP Message Handler. The manipulation with an unknown...
Author: VulDB

Cisco Wireless LAN Controller up to 8.2/8.5/8.8 IAPP Message denial of service

A vulnerability classified as problematic has been found in Cisco Wireless LAN Controller up to 8.2/8.5/8.8 (Wireless LAN Software). This affects an unknown function of the component IAPP Message Handler. The manipulation with an unknown input...
Author: VulDB

Cisco Wireless LAN Controller up to 8.3/8.5/8.8 Web-based Management Interface cross site request forgery

A vulnerability was found in Cisco Wireless LAN Controller up to 8.3/8.5/8.8 (Wireless LAN Software). It has been rated as problematic. Affected by this issue is some processing of the component Web-based Management Interface. The manipulation ...
Author: VulDB

Cisco Wireless LAN Controller up to 8.2/8.5/8.8 IAPP Message denial of service

A vulnerability was found in Cisco Wireless LAN Controller up to 8.2/8.5/8.8 (Wireless LAN Software). It has been declared as problematic. Affected by this vulnerability is a code block of the component IAPP Message Handler. The manipulation ...
Author: VulDB

Cisco Directory Connector Search Path privilege escalation [CVE-2019-1794]

A vulnerability was found in Cisco Directory Connector. It has been classified as problematic. Affected is code. The manipulation as part of a Search Path leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269....
Author: VulDB

Cisco Umbrella API URL Block Page Parameter cross site scripting

A vulnerability was found in Cisco Umbrella API and classified as problematic. This issue affects a part of the component URL Block Page. The manipulation as part of a Parameter leads to a cross site scripting vulnerability. Using CWE to declare...
Author: VulDB

Cisco Registered Envelope Service 5.3.4.x Web-based Interface cross site scripting

A vulnerability has been found in Cisco Registered Envelope Service 5.3.4.x and classified as problematic. This vulnerability affects a functionality of the component Web-based Interface. The manipulation with an unknown input leads to a cross...
Author: VulDB

Cisco UCS B-Series Blade Server prior 4.0(2a) Local Management CLI Parameter directory traversal

A vulnerability, which was classified as critical, was found in Cisco UCS B-Series Blade Server (Virtualization Software). This affects a function of the component Local Management CLI. The manipulation as part of a Parameter leads to a...
Author: VulDB

Cisco up to X12.5.0 Web-based Management Interface Request cross site request forgery

A vulnerability, which was classified as problematic, has been found in Cisco Expressway and TelePresence Video Communication Server up to X12.5.0 (Unified Communication Software). Affected by this issue is some functionality of the component...
Author: VulDB

Cisco up to X12.5.0 Phone Book SIP Message CPU Exhaustion denial of service

A vulnerability classified as problematic was found in Cisco Expressway and TelePresence Video Communication Server up to X12.5.0 (Unified Communication Software). Affected by this vulnerability is the functionality of the component Phone Book....
Author: VulDB

Cisco up to X12.5.0 XML API CPU Exhaustion denial of service

A vulnerability classified as problematic has been found in Cisco Expressway and TelePresence Video Communication Server up to X12.5.0 (Unified Communication Software). Affected is an unknown function of the component XML API. The manipulation ...
Author: VulDB

Cisco Identity Services Engine 2.1 Web-based Management Interface cross site scripting

A vulnerability was found in Cisco Identity Services Engine 2.1 (Policy Management Software). It has been rated as problematic. This issue affects some processing of the component Web-based Management Interface. The manipulation with an unknown...
Author: VulDB

Azure PublisherSettings Credentials Plugin up to 1.2 on Jenkins credentials.xml information disclosure

A vulnerability was found in Azure PublisherSettings Credentials Plugin up to 1.2 on Jenkins (Plugin Software). It has been classified as problematic. This affects code of the file credentials.xml. The manipulation with an unknown input leads to...
Author: VulDB

jira-ext Plugin up to 0.8 on Jenkins Global Configuration Credentials information disclosure

A vulnerability was found in jira-ext Plugin up to 0.8 on Jenkins (Plugin Software) and classified as problematic. Affected by this issue is a part of the component Global Configuration. The manipulation with an unknown input leads to a...
Author: VulDB

GitLab Plugin up to 1.5.11 on Jenkins Permission Check Credentials privilege escalation

A vulnerability has been found in GitLab Plugin up to 1.5.11 on Jenkins (Plugin Software) and classified as critical. Affected by this vulnerability is a functionality of the component Permission Check. The manipulation as part of a Credentials...
Author: VulDB

GitLab Plugin up to 1.5.11 on Jenkins cross site request forgery

A vulnerability, which was classified as problematic, was found in GitLab Plugin up to 1.5.11 on Jenkins (Plugin Software). Affected is a function. The manipulation with an unknown input leads to a cross site request forgery vulnerability. CWE...
Author: VulDB

OkHttp up to 3.12 Certificate Pinning CertificatePinner.java weak authentication

A vulnerability, which was classified as critical, has been found in OkHttp up to 3.12. This issue affects some functionality of the file CertificatePinner.java of the component Certificate Pinning. The manipulation with an unknown input leads...
Author: VulDB

Information-security (SSI) events

READY FOR IT

The first edition of Ready For IT takes place from 20 to 22 May 2019 in Monaco (Grimaldi Forum): conferences, keynotes, workshops and one-to-one meetings. Organized by DG Consultants.

Presentation of the event by the organizer

DG Consultants, organizer of the Assises de la Sécurité for 18 years, is innovating by launching Ready For It, a new business event centered on technology convergence and customer experience.
Why this new event?
Because demand is exploding from companies, all of which are engaged in digital transformation.
Meanwhile, suppliers are evolving their offerings and organizing themselves into technology ecosystems in order to be as close as possible to their customers' needs.
Between business imperatives, the demands of business units, technical constraints and the promises of new concepts (AI, blockchain…), organizations are waiting for solutions, advice and service.
Committing to the cloud?
Yes, but how, and with which partner?
Structuring data, but with which technologies and within what framework? And what about security, which must now be at the heart of all IT processes?
That is why DG Consultants, the reference in the world of business meetings, designed Ready For It.
To bring together, in a friendly setting and around quality content, all the important players in IT, as well as the start-ups that know how to bring innovation and "disruption".
See you from 20 to 22 May 2019 in Monaco!

More information on the site dedicated to the event.

 

HACK IN PARIS

For its 9th edition, the Hack In Paris conference on IT security is held from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.
