Thursday 20 June 2019
 
 

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco Integrated Management Controller Server Utilities information disclosure

A vulnerability was found in Cisco Integrated Management Controller (the affected version unknown). It has been classified as problematic. This affects an unknown functionality of the component Server Utilities. The manipulation with an unknown...
Author: VulDB

Cisco SD-WAN Solution vManage Web-based UI HTTP Requests privilege escalation

A vulnerability was found in Cisco SD-WAN Solution (affected version not known) and classified as critical. Affected by this issue is an unknown function of the component vManage Web-based UI. The manipulation as part of a HTTP Requests leads to...
Author: VulDB

Cisco SD-WAN Solution CLI privilege escalation [CVE-2019-1625]

A vulnerability has been found in Cisco SD-WAN Solution (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown processing of the component CLI. The manipulation with an unknown input leads to a...
Author: VulDB

Cisco SD-WAN Solution vManage Web-based UI Code Injection privilege escalation

A vulnerability, which was classified as critical, was found in Cisco SD-WAN Solution (version unknown). Affected is an unknown code block of the component vManage Web-based UI. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Cisco Meeting Server CLI Code Execution [CVE-2019-1623]

A vulnerability, which was classified as critical, has been found in Cisco Meeting Server (unknown version). This issue affects an unknown code of the component CLI. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Libgcrypt 1.8.4 AES Side-Channel weak encryption

A vulnerability classified as critical was found in Libgcrypt 1.8.4. This vulnerability affects an unknown part of the component AES. The manipulation with an unknown input leads to a weak encryption vulnerability (Side-Channel). The CWE...
Author: VulDB

Pydio Cells up to 1.4.x Error Message Name information disclosure

A vulnerability classified as problematic has been found in Pydio Cells up to 1.4.x. This affects some unknown functionality of the component Error Message Handler. The manipulation of the argument Name as part of a Unicode leads to a...
Author: VulDB

Pydio Cells up to 1.4.x Cleanup information disclosure

A vulnerability was found in Pydio Cells up to 1.4.x. It has been rated as problematic. Affected by this issue is an unknown functionality of the component Cleanup. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Pydio Cells up to 1.4.x directory traversal [CVE-2019-12901]

A vulnerability was found in Pydio Cells up to 1.4.x. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation with the input value ../ leads to a directory traversal vulnerability. The CWE...
Author: VulDB

bzip2 up to 1.0.6 decompress.c BZ2_decompress memory corruption

A vulnerability was found in bzip2 up to 1.0.6. It has been classified as critical. Affected is the function BZ2_decompress of the file decompress.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Delta Electronics Electron 2.04 User Mode memory corruption

A vulnerability was found in Delta Electronics Electron 2.04 and classified as critical. This issue affects an unknown code block of the component User Mode. The manipulation with an unknown input leads to a memory corruption vulnerability....
Author: VulDB

Delta Electronics DeviceNet Builder 2.04 User Mode memory corruption

A vulnerability has been found in Delta Electronics DeviceNet Builder 2.04 and classified as critical. This vulnerability affects an unknown code of the component User Mode. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

EdrawSoft Edraw Max 7.9.3 Instruction Pointer Clear+0x0000000000000074 memory corruption

A vulnerability, which was classified as critical, was found in EdrawSoft Edraw Max 7.9.3. This affects the function ObjectModule!Paint::Clear+0x0000000000000074 of the component Instruction Pointer. The manipulation with an unknown input leads...
Author: VulDB

EdrawSoft Edraw Max 7.9.3 Heap-based memory corruption

A vulnerability, which was classified as critical, has been found in EdrawSoft Edraw Max 7.9.3. Affected by this issue is some unknown functionality. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based)....
Author: VulDB

Alternate Pic View 2.600 Exception memory corruption

A vulnerability classified as critical was found in Alternate Pic View 2.600. Affected by this vulnerability is an unknown functionality of the component Exception Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Alternate Pic View 2.600 Instruction Pointer memory corruption

A vulnerability classified as critical has been found in Alternate Pic View 2.600. Affected is an unknown function of the component Instruction Pointer. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is...
Author: VulDB

Alternate Pic View 2.600 User Mode memory corruption

A vulnerability was found in Alternate Pic View 2.600. It has been rated as critical. This issue affects some unknown processing of the component User Mode. The manipulation with an unknown input leads to a memory corruption vulnerability. Using...
Author: VulDB

Google Android up to 9.0 llcp_util.cc llcp_util_parse_link_params memory corruption

A vulnerability was found in Google Android up to 9.0 (Smartphone Operating System). It has been declared as critical. This vulnerability affects the function llcp_util_parse_link_params of the file llcp_util.cc. The manipulation with an unknown...
Author: VulDB

Google Android up to 9.0 llcp_util.cc llcp_util_parse_cc memory corruption

A vulnerability was found in Google Android up to 9.0 (Smartphone Operating System). It has been classified as critical. This affects the function llcp_util_parse_cc of the file llcp_util.cc. The manipulation with an unknown input leads to a...
Author: VulDB

CERTFR-2019-AVI-285: Vulnerability in Oracle WebLogic (20 June 2019)

A vulnerability has been discovered in Oracle WebLogic. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2019-AVI-284: Multiple vulnerabilities in Cisco products (20 June 2019)

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

Google Android up to 9.0 llcp_util.cc llcp_util_parse_connect memory corruption

A vulnerability was found in Google Android up to 9.0 (Smartphone Operating System) and classified as critical. Affected by this issue is the function llcp_util_parse_connect of the file llcp_util.cc. The manipulation with an unknown input leads...
Author: VulDB

Forgerock Access Management OAuth 2.0 Authorization Server Request Reflected cross site scripting

A vulnerability has been found in Forgerock Access Management (Access Management Software) (affected version unknown) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component OAuth 2.0...
Author: VulDB

Forgerock Access Management OAuth 2.0 Authorization Server redirect_uri Open Redirect

A vulnerability, which was classified as problematic, was found in Forgerock Access Management (Access Management Software) (version unknown). Affected is an unknown functionality of the component OAuth 2.0 Authorization Server. The manipulation...
Author: VulDB

CERTFR-2019-AVI-283: Vulnerability in BIND (20 June 2019)

A vulnerability has been discovered in BIND. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Information security events

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference takes place from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information, takes place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking sessions… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the unmissable gathering for all cybersecurity professionals. Like the market, which never stops evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore sought to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
