Friday 20 September 2019
 
 

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Atlassian SourceTree up to 3.0.9 on Windows URI Remote Code Execution

A vulnerability, which was classified as critical, has been found in Atlassian SourceTree up to 3.0.9 on Windows. This issue affects some functionality of the component URI Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Atlassian SourceTree up to 3.0.14 on Windows Mercurial Repository Filename Remote Code Execution

A vulnerability classified as critical was found in Atlassian SourceTree up to 3.0.14 on Windows. This vulnerability affects the functionality of the component Mercurial Repository Handler. The manipulation as part of a Filename leads to a...
Author: VulDB

Atlassian SourceTree up to 3.1.0 on MacOS Mercurial Repository Filename Remote Code Execution

A vulnerability classified as critical has been found in Atlassian SourceTree up to 3.1.0 on MacOS. This affects an unknown function of the component Mercurial Repository Handler. The manipulation as part of a Filename leads to a privilege...
Author: VulDB

Botan up to 2.8.x ECC Key Generation Side-Channel weak encryption

A vulnerability was found in Botan up to 2.8.x. It has been rated as critical. Affected by this issue is some processing of the component ECC Key Generation. The manipulation with an unknown input leads to a weak encryption vulnerability...
Author: VulDB

Apache Solr up to 7.6 shards Server-Side Request Forgery

A vulnerability was found in Apache Solr up to 7.6. It has been declared as critical. Affected by this vulnerability is a code block. The manipulation of the argument shards as part of a HTTP GET Request leads to a privilege escalation...
Author: VulDB

GNOME glib 2.59.2 GTask gio/gsocketclient.c g_socket_client_connected_callback denial of service

A vulnerability, which was classified as problematic, has been found in GNOME glib 2.59.2. Affected by this issue is the function g_socket_client_connected_callback of the file gio/gsocketclient.c of the component GTask Handler. The manipulation...
Author: VulDB

ESAFENET CDG V3/V5 download.jsp fileName information disclosure

A vulnerability classified as problematic was found in ESAFENET CDG V3/V5. Affected by this vulnerability is the functionality of the file download.jsp. The manipulation of the argument fileName as part of a Parameter leads to an information...
Author: VulDB

poppler 0.74.0 CairoRescaleBox.cc downsample_row_box_filter memory corruption

A vulnerability classified as critical has been found in poppler 0.74.0 (Document Reader Software). Affected is the function downsample_row_box_filter of the file CairoRescaleBox.cc. The manipulation with an unknown input leads to a memory...
Author: VulDB

CyberArk Endpoint Privilege Manager up to 10.6 Kernel Driver CybKernelTracker.sys Long Path memory corruption

A vulnerability was found in CyberArk Endpoint Privilege Manager up to 10.6. It has been rated as critical. This issue affects some processing in the library CybKernelTracker.sys of the component Kernel Driver. The manipulation as part of a Long...
Author: VulDB

UltraVNC up to 1203 VNC Client Out-of-Bounds memory corruption

A vulnerability was found in UltraVNC up to 1203. It has been classified as critical. This affects code of the component VNC Client. The manipulation with an unknown input leads to a memory corruption vulnerability (Out-of-Bounds). CWE is...
Author: VulDB

UltraVNC up to 1211 VNC Server Memory Leak memory corruption

A vulnerability was found in UltraVNC up to 1211 and classified as critical. Affected by this issue is a part of the component VNC Server. The manipulation with an unknown input leads to a memory corruption vulnerability (Memory Leak). Using CWE...
Author: VulDB

UltraVNC up to 1211 VNC Server Request Stack-based memory corruption

A vulnerability has been found in UltraVNC up to 1211 and classified as critical. Affected by this vulnerability is a functionality of the component VNC Server. The manipulation as part of a Request leads to a memory corruption vulnerability...
Author: VulDB

UltraVNC up to 1211 VNC Server memory corruption

A vulnerability, which was classified as critical, was found in UltraVNC up to 1211. Affected is a function of the component VNC Server. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the...
Author: VulDB

UltraVNC up to 1211 VNC Server Heap-based memory corruption

A vulnerability, which was classified as critical, has been found in UltraVNC up to 1211. This issue affects some functionality of the component VNC Server. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

UltraVNC up to 1211 VNC Server Request Heap-based memory corruption

A vulnerability classified as critical was found in UltraVNC up to 1211. This vulnerability affects the functionality of the component VNC Server. The manipulation as part of a Request leads to a memory corruption vulnerability (Heap-based). The...
Author: VulDB

UltraVNC up to 1211 VNC Server Off-By-One memory corruption

A vulnerability classified as critical has been found in UltraVNC up to 1211. This affects an unknown function of the component VNC Server. The manipulation with an unknown input leads to a memory corruption vulnerability (Off-By-One). CWE is...
Author: VulDB

UltraVNC up to 1211 VNC Server Heap-based memory corruption

A vulnerability was found in UltraVNC up to 1211. It has been rated as critical. Affected by this issue is some processing of the component VNC Server. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Python up to 2.7.16/3.7.2 Unicode urllib.parse.urlsplit information disclosure

A vulnerability has been found in Python up to 2.7.16/3.7.2 (Programming Language Software) and classified as problematic. This vulnerability affects a functionality in the library urllib.parse.urlsplit of the component Unicode Handler. The...
Author: VulDB

Google Go up to 1.12 on Windows DLL Loader LoadLibrary privilege escalation

A vulnerability, which was classified as critical, was found in Google Go up to 1.12 on Windows (Programming Language Software). This affects the function LoadLibrary of the component DLL Loader. The manipulation with an unknown input leads to a...
Author: VulDB

Google Releases Security Updates for Chrome

Original release date: March 07, 2019 Google has released Chrome version 72.0.3626.122 for most Chrome OS devices. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This...
Author: US Cert

ICSJWG Spring Meeting and Call for Abstracts (Deadline Extended)

Original release date: March 07, 2019 The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework—will hold...
Author: US Cert

CERTFR-2019-AVI-093: Multiple vulnerabilities in PHP (07 March 2019)

Multiple vulnerabilities have been discovered in PHP. They allow an attacker to cause

Author: Cert FR

CERTFR-2019-AVI-092: Multiple vulnerabilities in Cisco products (07 March 2019)

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, arbitrary code execution and a denial of service...
Author: Cert FR

eBrigade up to 4.5 showfile.php file directory traversal

A vulnerability, which was classified as problematic, was found in eBrigade up to 4.5. Affected is a function of the file showfile.php. The manipulation of the argument file with the input value ../ leads to a directory traversal vulnerability....
Author: VulDB

Webmin 1.900 Java File Manager /updown/upload.cgi Remote Code Execution

A vulnerability was found in Webmin 1.900 (Software Management Software) and classified as critical. Affected by this issue is a part of the file /updown/upload.cgi of the component Java File Manager. The manipulation with an unknown input leads...
Author: VulDB

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
