Thursday 18 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Citrix SD-WAN/Netscaler SD-WAN command injection [CVE-2019-12985]

A vulnerability was found in Citrix SD-WAN and Netscaler SD-WAN (Network Management Software) (the affected version unknown). It has been classified as very critical. This affects an unknown function. The manipulation with an unknown input...
Author: VulDB

HT2 Labs Learning Locker 3.15.1 dashboards/ PATH_INFO cross site scripting

A vulnerability was found in HT2 Labs Learning Locker 3.15.1 and classified as problematic. Affected by this issue is some unknown processing of the file dashboards/. The manipulation of the argument PATH_INFO with an unknown input leads to a...
Author: VulDB

Microstrategy Web up to 10.4.5 Stored cross site scripting

A vulnerability has been found in Microstrategy Web up to 10.4.5 and classified as problematic. Affected by this vulnerability is an unknown code block. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

Zeek Network Security Monitor up to 2.6.1 Kerberos Protocol Parser NULL Pointer Dereference denial of service

A vulnerability, which was classified as problematic, was found in Zeek Network Security Monitor up to 2.6.1. Affected is an unknown code of the component Kerberos Protocol Parser. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Jenkins up to LTS 2.176.1/2.185 Stapler Web Framework information disclosure

A vulnerability, which was classified as problematic, has been found in Jenkins up to LTS 2.176.1/2.185 (Continuous Integration Software). This issue affects an unknown part of the component Stapler Web Framework. The manipulation with an...
Author: VulDB

Jenkins up to LTS 2.176.1/2.185 CSRF Protection Expired privilege escalation

A vulnerability classified as problematic was found in Jenkins up to LTS 2.176.1/2.185 (Continuous Integration Software). This vulnerability affects some unknown functionality of the component CSRF Protection. The manipulation with an unknown...
Author: VulDB

Jenkins up to LTS 2.176.1/2.185 FileParameterValue.java Parameter directory traversal

A vulnerability classified as critical has been found in Jenkins up to LTS 2.176.1/2.185 (Continuous Integration Software). This affects an unknown functionality of the file core/src/main/java/hudson/model/FileParameterValue.java. The...
Author: VulDB

Knot Resolver up to 4.0.x DNS Resolver Downgrade privilege escalation

A vulnerability was found in Knot Resolver up to 4.0.x. It has been rated as critical. Affected by this issue is an unknown function of the component DNS Resolver. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Knot Resolver up to 4.0.x DNS Resolver DNSSEC privilege escalation

A vulnerability was found in Knot Resolver up to 4.0.x. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component DNS Resolver. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Linaro OP-TEE up to 3.3.x optee_os memory corruption

A vulnerability was found in Linaro OP-TEE up to 3.3.x. It has been classified as critical. Affected is an unknown code block of the component optee_os. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is...
Author: VulDB

Mikrobi Babel on MODX redirect.php newurl Open Redirect

A vulnerability was found in Mikrobi Babel on MODX (unknown version) and classified as problematic. This issue affects an unknown code of the file redirect.php. The manipulation of the argument newurl as part of a Parameter leads to a privilege...
Author: VulDB

TinyMCE 4.7.11 Media Element cross site scripting

A vulnerability has been found in TinyMCE 4.7.11 and classified as problematic. This vulnerability affects an unknown part of the component Media Element Handler. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Dancer::Plugin::SimpleCRUD up to 1.14 Access Control _ensure_auth privilege escalation

A vulnerability, which was classified as critical, was found in Dancer::Plugin::SimpleCRUD up to 1.14. This affects the function _ensure_auth of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Pallets Flask up to 0.x JSON Data denial of service

A vulnerability, which was classified as problematic, has been found in Pallets Flask up to 0.x. Affected by this issue is an unknown functionality. The manipulation as part of a JSON Data leads to a denial of service vulnerability. Using CWE to...
Author: VulDB

Quake3e prior 5ed740d Argument Code Execution memory corruption

A vulnerability classified as critical has been found in Quake3e. Affected is some unknown processing. The manipulation as part of an Argument leads to a memory corruption vulnerability (Code Execution). CWE is classifying the issue as CWE-119....
Author: VulDB

IBM QRadar SIEM 7.2/7.3 information disclosure [CVE-2018-2022]

A vulnerability was found in IBM QRadar SIEM 7.2/7.3 (Log Management Software). It has been rated as problematic. This issue affects an unknown code block. The manipulation with an unknown input leads to an information disclosure vulnerability....
Author: VulDB

IBM QRadar SIEM 7.2/7.3 Web UI cross site scripting

A vulnerability was found in IBM QRadar SIEM 7.2/7.3 (Log Management Software). It has been declared as problematic. This vulnerability affects an unknown code of the component Web UI. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Hyland Perceptive Content Server up to 7.1.4 ImageNow Server Service TCP Connection Crash denial of service

A vulnerability was found in Hyland Perceptive Content Server up to 7.1.4. It has been classified as problematic. This affects an unknown part of the component ImageNow Server Service. The manipulation as part of a TCP Connection leads to a...
Author: VulDB

IBM Campaign 9.1.0/9.1.2/10.1/11.0 Web UI cross site scripting

A vulnerability was found in IBM Campaign 9.1.0/9.1.2/10.1/11.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web UI. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Solarwinds Network Performance Monitor 12.3 GetActiveAlerts TriggeringObjectEntityNames sql injection

A vulnerability has been found in Solarwinds Network Performance Monitor 12.3 (Network Management Software) and classified as critical. Affected by this vulnerability is an unknown functionality of the file...
Author: VulDB

Drupal Releases Security Update

Original release date: July 17, 2019. Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website. The Cybersecurity and Infrastructure...
Author: US Cert

Cisco Releases Security Updates for Multiple Products

Original release date: July 17, 2019. Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

VU#790507: Oracle Solaris vulnerable to arbitrary code execution via /proc/self

The process file system (/proc) in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the current executing process's PID subdirectory with state information about the process. Protection mechanisms for /proc in Solaris 11/10 did...
Author: US Cert

CERTFR-2019-AVI-344: Vulnerability in Microsoft PowerShell Core (17 July 2019)

A vulnerability has been discovered in Microsoft PowerShell Core. It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2019-AVI-343: Multiple vulnerabilities in Oracle Virtualization (17 July 2019)

Multiple vulnerabilities have been discovered in Oracle Virtualization. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of integrity...
Author: Cert FR

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking sessions… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the must-attend event for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition accordingly set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
