Wednesday 22 May 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cybozu Garoon up to 4.6.3 Installer privilege escalation

A vulnerability classified as critical was found in Cybozu Garoon up to 4.6.3 (Groupware Software). This vulnerability affects the functionality of the component Installer. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Cybozu Garoon up to 4.6.3 Access Restriction privilege escalation

A vulnerability classified as critical has been found in Cybozu Garoon up to 4.6.3 (Groupware Software). This affects an unknown function of the component Access Restriction. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Cybozu Garoon up to 4.6.3 Memo Application cross site scripting

A vulnerability was found in Cybozu Garoon up to 4.6.3 (Groupware Software). It has been rated as problematic. Affected by this issue is some processing of the component Memo Application. The manipulation with an unknown input leads to a cross...
Author: VulDB

Cybozu Garoon up to 4.6.3 Customize Item cross site scripting

A vulnerability was found in Cybozu Garoon up to 4.6.3 (Groupware Software). It has been declared as problematic. Affected by this vulnerability is a code block of the component Customize Item Handler. The manipulation with an unknown input...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Access Control Comment privilege escalation

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0. It has been classified as critical. Affected is code of the component Access Control. The manipulation as part of a Comment leads to a...
Author: VulDB

IBM WebSphere Application Server 8.5/9.0 Serialized Object privilege escalation

A vulnerability was found in IBM WebSphere Application Server 8.5/9.0 (Application Server Software) and classified as critical. This issue affects a part. The manipulation as part of a Serialized Object leads to a privilege escalation...
Author: VulDB

IBM Cloud Private Kubernetes API Server 2.1.0/3.1.0/3.1.1/3.1.2 HTTP Proxy unknown vulnerability

A vulnerability has been found in IBM Cloud Private Kubernetes API Server 2.1.0/3.1.0/3.1.1/3.1.2 (Cloud Software) and classified as critical. This vulnerability affects a functionality of the component HTTP Proxy Handler. The impact remains...
Author: VulDB

typora 0.9.9.21.1 file: URL HREF Code Execution

A vulnerability, which was classified as critical, was found in typora 0.9.9.21.1. This affects a function of the component file: URL Handler. The manipulation of the argument HREF as part of an Attribute leads to a privilege escalation...
Author: VulDB

ATutor up to 2.2.4 upload.php ZIP Archive privilege escalation

A vulnerability, which was classified as critical, has been found in ATutor up to 2.2.4 (Learning Management Software). Affected by this issue is some functionality of the file mods/_core/backups/upload.php. The manipulation as part of a ZIP...
Author: VulDB

Four-Faith Wireless Mobile Router F3x24 1.0 Administration Remote Code Execution

A vulnerability classified as critical was found in Four-Faith Wireless Mobile Router F3x24 1.0 (Router Operating System). Affected by this vulnerability is the functionality of the component Administration. The manipulation with an unknown...
Author: VulDB

GAT-Ship Web Module up to 1.30 SqlVersion Request information disclosure

A vulnerability classified as problematic has been found in GAT-Ship Web Module up to 1.30. Affected is an unknown function of the file ws/gatshipWs.asmx/SqlVersion. The manipulation with the input value {} leads to an information disclosure...
Author: VulDB

WPO webpagetest 19.04 www/runtest.php ValidateURL Encoding Server-Side Request Forgery

A vulnerability was found in WPO webpagetest 19.04. It has been rated as critical. This issue affects the function ValidateURL of the file www/runtest.php. The manipulation as part of an Encoding leads to a privilege escalation vulnerability...
Author: VulDB

GoHTTP up to 2017-07-25 sendHeader memory corruption

A vulnerability was found in GoHTTP up to 2017-07-25. It has been declared as critical. This vulnerability affects the function sendHeader. The manipulation with an unknown input leads to a memory corruption vulnerability (Use-After-Free). The...
Author: VulDB

GoHTTP up to 2017-07-25 scan Long URL memory corruption

A vulnerability was found in GoHTTP up to 2017-07-25. It has been classified as critical. This affects the function scan. The manipulation as part of a Long URL leads to a memory corruption vulnerability (Stack-based). CWE is classifying the...
Author: VulDB

GoHTTP up to 2017-07-25 Extension GetExtension memory corruption

A vulnerability was found in GoHTTP up to 2017-07-25 and classified as critical. Affected by this issue is the function GetExtension of the component Extension Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

FasterXML jackson-databind up to 2.9.8 Default Typing privilege escalation

A vulnerability has been found in FasterXML jackson-databind up to 2.9.8 and classified as critical. Affected by this vulnerability is a functionality of the component Default Typing. The manipulation with an unknown input leads to a privilege...
Author: VulDB

SimplyBook.me up to 2019-05-11 File Upload Remote Code Execution

A vulnerability, which was classified as critical, was found in SimplyBook.me up to 2019-05-11. Affected is a function of the component File Upload. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code...
Author: VulDB

F-Secure SAFE for Windows Installer OLEACC.dll privilege escalation

A vulnerability, which was classified as critical, has been found in F-Secure SAFE for Windows, Internet Security, Anti-Virus, Client Security, PSB Workstation Security and Computer Protection (Anti-Malware Software). This issue affects some...
Author: VulDB

Intel Driver & Support Assistant up to 19.3.12.3 denial of service

A vulnerability classified as problematic was found in Intel Driver & Support Assistant up to 19.3.12.3 (Hardware Driver Software). This vulnerability affects the functionality. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Intel Driver & Support Assistant up to 19.3.12.3 Access Control information disclosure

A vulnerability classified as problematic has been found in Intel Driver & Support Assistant up to 19.3.12.3 (Hardware Driver Software). This affects an unknown function of the component Access Control. The manipulation with an unknown input...
Author: VulDB

Intel NUC Kit System Firmware privilege escalation [CVE-2019-11094]

A vulnerability was found in Intel NUC Kit (affected version not known). It has been rated as critical. Affected by this issue is some processing of the component System Firmware. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Intel SCS Discovery Utility up to 12.0.0.129 privilege escalation

A vulnerability was found in Intel SCS Discovery Utility up to 12.0.0.129. It has been declared as critical. Affected by this vulnerability is a code block. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Intel i915 Graphics up to 4.x on Linux Kernel Mode Driver privilege escalation

A vulnerability was found in Intel i915 Graphics up to 4.x on Linux. It has been classified as critical. Affected is code of the component Kernel Mode Driver. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

vTiger CRM up to 7.1.0 Hotfix 2 sql injection [CVE-2019-11057]

A vulnerability was found in vTiger CRM up to 7.1.0 Hotfix 2 (Customer Relationship Management System) and classified as critical. This issue affects a part. The manipulation with an unknown input leads to a sql injection vulnerability. Using...
Author: VulDB

cockpit-ovirt ansibleVarFileXXXXXX.var information disclosure

A vulnerability has been found in cockpit-ovirt (Virtualization Software) (the affected version is unknown) and classified as problematic. This vulnerability affects a functionality of the file...
Author: VulDB

Information security events

READY FOR IT

The first edition of Ready For IT takes place from 20 to 22 May 2019 in Monaco (Grimaldi Forum): conferences, keynotes, workshops and one-to-one meetings. Organized by DG Consultants.

Presentation of the event by the organizer

DG Consultants, organizer of the Assises de la Sécurité for 18 years, is innovating by launching Ready For It, a new business event centred on the convergence of technologies and the customer experience.
Why this new event?
Because demand is exploding from companies, all of which are engaged in digital transformation.
Meanwhile, vendors are evolving their offerings and organizing themselves into technology ecosystems in order to be as close as possible to their customers' needs.
Between business imperatives, requests from business units, technical constraints and the promises of new concepts (AI, blockchain…), organizations are waiting for solutions, advice and services.
Commit to the cloud?
Yes, but how, and with which partner?
Structure data, but with which technologies and within what framework? And what about security, which must now be at the heart of all IT processes?
That is why DG Consultants, the reference in the world of business meetings, designed Ready For It.
To bring together, in a friendly setting and around quality content, all the major IT players, as well as the start-ups that bring innovation and "disruption".
See you from 20 to 22 May 2019 in Monaco!

More information on the event's dedicated website.

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference takes place from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organized by Sysdream.
