Thursday 20 June 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Linux Kernel 2.6.x lib/idr.c idr_remove_all() memory corruption

A vulnerability was found in Linux Kernel 2.6.x (Operating System). It has been rated as critical. This issue affects the function idr_remove_all() in the library lib/idr.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Samba 4.10.0/4.10.1/4.10.2/4.10.3/4.10.4 AD DC LDAP Server NULL Pointer Dereference denial of service

A vulnerability was found in Samba 4.10.0/4.10.1/4.10.2/4.10.3/4.10.4 (File Transfer Software). It has been declared as problematic. This vulnerability affects an unknown function of the component AD DC LDAP Server. The manipulation with an...
Author: VulDB

Samba up to 4.10.4 AD DC DNS Management Server NULL Pointer Dereference denial of service

A vulnerability was found in Samba up to 4.10.4 (File Transfer Software). It has been classified as problematic. This affects some unknown processing of the component AD DC DNS Management Server. The manipulation with an unknown input leads to a...
Author: VulDB

Linux Kernel up to 4.4.181/4.9.181/4.14.126/4.19.51/5.1.10 MSS TCP Fragment denial of service

A vulnerability was found in Linux Kernel up to 4.4.181/4.9.181/4.14.126/4.19.51/5.1.10 (Operating System) and classified as problematic. Affected by this issue is an unknown code block of the component MSS. The manipulation as part of a TCP...
Author: VulDB

Linux Kernel up to 4.4.181/4.9.181/4.14.126/4.19.51/5.1.10 TCP Retransmission Queue denial of service

A vulnerability has been found in Linux Kernel up to 4.4.181/4.9.181/4.14.126/4.19.51/5.1.10 (Operating System) and classified as problematic. Affected by this vulnerability is an unknown code of the component TCP Retransmission Queue Handler....
Author: VulDB

Cloud Foundry BOSH up to 267.13.x/270.1.0 BOSH Director Credentials information disclosure

A vulnerability, which was classified as problematic, was found in Cloud Foundry BOSH up to 267.13.x/270.1.0 (Cloud Software). Affected is an unknown part of the component BOSH Director. The manipulation with an unknown input leads to a...
Author: VulDB

GD up to 7.1.29/7.2.18/7.3.5 EXIF Extension exif_read_data() memory corruption

A vulnerability, which was classified as problematic, has been found in GD up to 7.1.29/7.2.18/7.3.5. This issue affects the function exif_read_data() of the component EXIF Extension. The manipulation with an unknown input leads to a memory...
Author: VulDB

GD up to 7.1.29/7.2.18/7.3.5 MIME Header iconv_mime_decode_headers() memory corruption

A vulnerability classified as critical was found in GD up to 7.1.29/7.2.18/7.3.5. This vulnerability affects the function iconv_mime_decode_headers() of the component MIME Header Handler. The manipulation with an unknown input leads to a memory...
Author: VulDB

GD up to 7.1.29/7.2.17/7.3.5 gdImageCreateFromXbm() memory corruption

A vulnerability classified as critical has been found in GD up to 7.1.29/7.2.17/7.3.5. This affects the function gdImageCreateFromXbm(). The manipulation with an unknown input leads to a memory corruption vulnerability (Uninitialized Memory)....
Author: VulDB

Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting

A vulnerability was found in Apache Allura up to 1.10.x. It has been rated as problematic. Affected by this issue is some unknown processing of the component Dropdown Selector Handler. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Oracle Releases Security Advisory for WebLogic

Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in...
Author: US Cert

CERTFR-2019-AVI-282: Multiple vulnerabilities in Samba (19 June 2019)

Multiple vulnerabilities have been discovered in Samba. They allow an attacker to cause a denial of service.

Author: Cert FR

Samba Releases Security Updates

Original release date: June 19, 2019 The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a...
Author: US Cert

Intel CPU MDSUM Side-Channel information disclosure

A vulnerability was found in Intel CPU (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code block of the component MDSUM. The manipulation with an unknown input leads to an information...
Author: VulDB

Intel CPU MFBDS Side-Channel information disclosure

A vulnerability was found in Intel CPU (version unknown). It has been classified as critical. Affected is an unknown code of the component MFBDS. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

Intel CPU MLPDS Side-Channel information disclosure

A vulnerability was found in Intel CPU (unknown version) and classified as critical. This issue affects an unknown part of the component MLPDS. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

Intel CPU MSBDS Side-Channel information disclosure

A vulnerability has been found in Intel CPU (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component MSBDS. The manipulation with an unknown input leads to an information...
Author: VulDB

CERTFR-2019-AVI-281: Multiple vulnerabilities in the SUSE Linux kernel (19 June 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a breach of data confidentiality, a remote denial of service and an elevation of...
Author: Cert FR

CERTFR-2019-AVI-280: Vulnerability in Mozilla Firefox (19 June 2019)

A vulnerability has been discovered in Mozilla Firefox. It allows an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

Mozilla Firefox up to 67.0.2 Array.pop denial of service

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 67.0.2 (Web Browser). This affects the function Array.pop. The manipulation with an unknown input leads to a denial of service vulnerability (Type...
Author: VulDB

Advantech WebAccess/SCADA 8.4.0 RPC Call Stack-based memory corruption

A vulnerability, which was classified as critical, has been found in Advantech WebAccess and SCADA 8.4.0 (SCADA Software). Affected by this issue is an unknown function. The manipulation as part of a RPC Call leads to a memory corruption...
Author: VulDB

Linux Kernel 4.15.0 on Ubuntu i915_gem_userptr.c i915_gem_userptr_get_pages IOCTL Call denial of service

A vulnerability classified as problematic was found in Linux Kernel 4.15.0 on Ubuntu (Operating System). Affected by this vulnerability is the function i915_gem_userptr_get_pages of the file drivers/gpu/drm/i915/i915_gem_userptr.c. The...
Author: VulDB

Alpine abuild up to 3.4.0 Signing Key privilege escalation

A vulnerability classified as critical has been found in Alpine abuild up to 3.4.0. Affected is an unknown code block of the component Signing Key Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE...
Author: VulDB

VideoLAN VLC Media Player up to 3.0.7 MKV util.cpp memory corruption

A vulnerability was found in VideoLAN VLC Media Player up to 3.0.7 (Multimedia Player Software). It has been rated as critical. This issue affects an unknown code in the library zlib_decompress_extra of the file modules/demux/mkv/util.cpp of the...
Author: VulDB

Evernote Web Clipper Extension up to 7.11.0 on Chrome Universal cross site scripting

A vulnerability was found in Evernote Web Clipper Extension up to 7.11.0 on Chrome. It has been declared as problematic. This vulnerability affects an unknown part. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Information security events

HACK IN PARIS

For its 9th edition, the Hack In Paris IT security conference takes place from 16 to 20 June 2019 in Paris, at the Maison de la Chimie. Organised by Sysdream.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

Presentation by the organiser



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the essential meeting place for all cybersecurity professionals. Like the market, which never stops evolving, the Assises adapt their offering to best meet the sector's expectations. This edition therefore sought to highlight the major issues of the moment through more talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
