mardi 16 juillet 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Openshift Container Platform Reflected cross site scripting [CVE-2019-3889]

A vulnerability, which was classified as problematic, was found in Openshift Container Platform (Virtualization Software) (version unknown). Affected is an unknown part. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

ZTE MW NR8000V2.4.4.03/NR8000V2.4.4.04 directory traversal [CVE-2019-3415]

A vulnerability classified as problematic was found in ZTE MW NR8000V2.4.4.03/NR8000V2.4.4.04. This vulnerability affects an unknown functionality. The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE...
Auteur: VulDB

MiniMagick up to 4.9.3 lib/mini_magick/image.rb Image.open Image File privilege escalation

A vulnerability classified as critical has been found in MiniMagick up to 4.9.3. This affects the function Image.open in the library lib/mini_magick/image.rb. The manipulation as part of a Image File leads to a privilege escalation...
Auteur: VulDB

Zoom Client up to 4.4.1 on MacOS ZoomOpener Daemon URL Remote Code Execution

A vulnerability was found in Zoom Client up to 4.4.1 on MacOS. It has been rated as critical. Affected by this issue is some unknown processing of the component ZoomOpener Daemon. The manipulation as part of a URL leads to a privilege escalation...
Auteur: VulDB

Ping Identity Agentless Integration Kit up to 1.4 cross site scripting

A vulnerability was found in Ping Identity Agentless Integration Kit up to 1.4. It has been declared as problematic. Affected by this vulnerability is an unknown code block. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

Castle Rock SNMPc up to 9.0.12.0/10.0.8 Map Object nodeimp.exe Text File memory corruption

A vulnerability was found in Castle Rock SNMPc up to 9.0.12.0/10.0.8. It has been classified as critical. Affected is an unknown code of the file nodeimp.exe of the component Map Object Handler. The manipulation as part of a Text File leads to a...
Auteur: VulDB

REDCap up to 8.10.19/9.1.1 Admin Panel/Survey System Stored cross site scripting

A vulnerability was found in REDCap up to 8.10.19/9.1.1 and classified as problematic. This issue affects an unknown part of the component Admin Panel/Survey System. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

Symantec Messaging Gateway up to 10.7.0 privilege escalation

A vulnerability has been found in Symantec Messaging Gateway up to 10.7.0 and classified as critical. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Auteur: VulDB

London Trust Media Private Internet Access v82 on Linux/macOS Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, was found in London Trust Media Private Internet Access v82 on Linux/macOS. This affects an unknown functionality. The manipulation as part of a Shell Metacharacter leads to a privilege...
Auteur: VulDB

London Trust Media Private Internet Access v82 on Linux openvpn Parameter privilege escalation

A vulnerability, which was classified as critical, has been found in London Trust Media Private Internet Access v82 on Linux. Affected by this issue is an unknown function of the file /opt/pia/openvpn-64/openvpn. The manipulation as part of a...
Auteur: VulDB

London Trust Media Private Internet Access v82 on MacOS /tmp/pia_upscript.sh privilege escalation

A vulnerability classified as critical was found in London Trust Media Private Internet Access v82 on MacOS. Affected by this vulnerability is some unknown processing of the file /tmp/pia_upscript.sh. The manipulation with an unknown input leads...
Auteur: VulDB

London Trust Media Private Internet Access v82 on MacOS openvpn_launcher Environment Variable privilege escalation

A vulnerability classified as critical has been found in London Trust Media Private Internet Access v82 on MacOS. Affected is an unknown code block of the component openvpn_launcher. The manipulation as part of a Environment Variable leads to a...
Auteur: VulDB

London Trust Media Private Internet Access v82 on Linux /opt/pia/ruby/64/ruby privilege escalation

A vulnerability was found in London Trust Media Private Internet Access v82 on Linux. It has been rated as critical. This issue affects an unknown code in the library /tmp/ruby-deploy.old/lib of the file /opt/pia/ruby/64/ruby. The manipulation ...
Auteur: VulDB

London Trust Media Private Internet Access 1.0 on Windows DLL privilege escalation

A vulnerability was found in London Trust Media Private Internet Access 1.0 on Windows. It has been declared as critical. This vulnerability affects an unknown part of the component DLL Handler. The manipulation with an unknown input leads to a...
Auteur: VulDB

London Trust Media Private Internet Access v82 on Linux/macOS Parameter privilege escalation

A vulnerability was found in London Trust Media Private Internet Access v82 on Linux/macOS. It has been classified as critical. This affects some unknown functionality. The manipulation as part of a Parameter leads to a privilege escalation...
Auteur: VulDB

London Trust Media Private Internet Access 0.9.8 Beta Build 02099 on MacOS /tmp/pia-watcher.plist privilege escalation

A vulnerability was found in London Trust Media Private Internet Access 0.9.8 Beta Build 02099 on MacOS and classified as critical. Affected by this issue is an unknown functionality of the file /tmp/pia-watcher.plist. The manipulation with an...
Auteur: VulDB

Squid Proxy up to 2.7.STABLE9/3.5.28/4.7 HTTP Header Authorization Header memory corruption

A vulnerability has been found in Squid Proxy up to 2.7.STABLE9/3.5.28/4.7 (Firewall Software) and classified as critical. Affected by this vulnerability is an unknown function of the component HTTP Header Handler. The manipulation as part of a...
Auteur: VulDB

Squid Proxy up to 4.7.0 HttpHeader::getAuth Header memory corruption

A vulnerability, which was classified as critical, was found in Squid Proxy up to 4.7.0. Affected is the function HttpHeader::getAuth. The manipulation as part of a Header leads to a memory corruption vulnerability (Heap-based). CWE is...
Auteur: VulDB

Squid Proxy up to 3.5.28/4.7.0 Header Parser Proxy-Authorization memory corruption

A vulnerability, which was classified as critical, has been found in Squid Proxy up to 3.5.28/4.7.0. This issue affects an unknown code block of the component Header Parser. The manipulation of the argument Proxy-Authorization with an unknown...
Auteur: VulDB

Cloud Foundry UAA up to 73.2.x information disclosure [CVE-2019-11268]

A vulnerability classified as problematic was found in Cloud Foundry UAA up to 73.2.x. This vulnerability affects an unknown code. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the...
Auteur: VulDB

Intel Processor Diagnostic Tool up to 4.1.2 Access Control privilege escalation

A vulnerability classified as critical has been found in Intel Processor Diagnostic Tool up to 4.1.2. This affects an unknown part of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

SUNNET WMPro 5.0/5.1 doajaxfileupload.php" privilege escalation

A vulnerability was found in SUNNET WMPro 5.0/5.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /teach/course/doajaxfileupload.php". The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Rockwell Automation PanelView 5510 prior 4.003/5.002 privilege escalation

A vulnerability was found in Rockwell Automation PanelView 5510. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

Siemens SIMATIC PCS 7/SIMATIC WinCC File Upload ASPX File Code Execution

A vulnerability was found in Siemens SIMATIC PCS 7 and SIMATIC WinCC (version unknown). It has been classified as critical. Affected is an unknown function of the component File Upload. The manipulation as part of a ASPX File leads to a...
Auteur: VulDB

Siemens Spectrum Power 7 User Interface cross site scripting

A vulnerability was found in Siemens Spectrum Power 3, Spectrum Power 4, Spectrum Power 5 and Spectrum Power 7 (unknown version) and classified as problematic. This issue affects some unknown processing of the component User Interface. The...
Auteur: VulDB
12345678910Last

Événements SSI

BLACK HAT

Événement majeur mondial sur la sécurité de l'information la conférence Black Hat USA a lieu du 3 au 8 août 2019 à Las Vegas (Mandalay Bay). Organisé par UBM.


Présentation par l'organisateur

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

 Plus d'infos sur le site dédié à l'événement.

LES ASSISES

Grand rendez-vous annuel des RSSI, les Assises de la sécurité des systèmes d'information se tiennent à Monaco (Grimaldi Forum) du 9 au 12 octobre 2019. Organisées par DG Consultants.

Présentation par l'organisateur



Retour sur Les Assises 2018

La 18ème édition des Assises de la Sécurité à Monaco, c’est terminé ! Encore merci aux 2800 participants dont les 160 partenaires qui pendant trois jours se sont retrouvés pour faire vivre cet événement unique en France. Conférences, one-to-one, tables-rondes, ateliers, moments de networking… Par leur contenu, par la qualité des visiteurs et par la richesse des échanges, les Assises se positionnent plus que jamais comme le rendez-vous incontournable de tous les professionnels de la cybersécurité. A l’image du marché qui ne cesse d’évoluer, les Assises savent adapter leur offre afin de répondre au mieux aux attentes du secteur. Ainsi cette édition a-t-elle voulu mettre en avant les grands enjeux du moment en multipliant les prises de parole, les démonstrations et les retours d’expérience.

Rendez-vous maintenant pour la prochaine édition qui aura lieu du 9 au 12 octobre 2019

Plus d'informations sur le site dédié à l'événement.

RSS