Tuesday 16 July 2019

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Docker Plugin up to 1.1.6 on Jenkins Permission Check DockerAPI.DescriptorImpl#doTestConnection privilege escalation

A vulnerability classified as critical was found in Docker Plugin up to 1.1.6 on Jenkins. This vulnerability affects some unknown processing of the file DockerAPI.DescriptorImpl#doTestConnection of the component Permission Check. The manipulation...
Author: VulDB

Docker Plugin up to 1.1.6 on Jenkins DockerAPI.DescriptorImpl#doTestConnection cross site request forgery

A vulnerability classified as problematic has been found in Docker Plugin up to 1.1.6 on Jenkins (Virtualization Software). This affects an unknown code block of the file DockerAPI.DescriptorImpl#doTestConnection. The manipulation with an...
Author: VulDB

Leanote up to 2.5 cross site scripting [CVE-2019-1010003]

A vulnerability was found in Leanote up to 2.5. It has been rated as problematic. Affected by this issue is an unknown code. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem...
Author: VulDB

Cloudera Manager up to 5.15 Access Control privilege escalation

A vulnerability was found in Cloudera Manager up to 5.15 (Cloud Software). It has been declared as critical. Affected by this vulnerability is an unknown part of the component Access Control. The manipulation with an unknown input leads to a...
Author: VulDB

EdgeMAX EdgeSwitch up to 1.8.1 command injection [CVE-2019-5446]

A vulnerability was found in EdgeMAX EdgeSwitch up to 1.8.1. It has been classified as critical. Affected is some unknown functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability (Command Injection)....
Author: VulDB

EdgeMAX EdgeSwitch up to 1.8.1 SSH CLI Interface Crash denial of service

A vulnerability was found in EdgeMAX EdgeSwitch up to 1.8.1 and classified as problematic. This issue affects an unknown functionality of the component SSH CLI Interface. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

serve-here.js Module 1.1.3 on npm directory traversal [CVE-2019-5444]

A vulnerability has been found in serve-here.js Module 1.1.3 on npm (JavaScript Library) and classified as problematic. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

Huawei Mate 20 X Huawei Share directory traversal [CVE-2019-5221]

A vulnerability, which was classified as critical, was found in Huawei Mate 20 X (Smartphone Operating System) (the affected version unknown). This affects some unknown processing of the component Huawei Share. The manipulation with an unknown...
Author: VulDB

Huawei Mate 20 X/Mate 20/Honor Magic 2 up to 9.0.0. Factory Reset Protection privilege escalation

A vulnerability, which was classified as critical, has been found in Huawei Mate 20 X, Mate 20 and Honor Magic 2 up to 9.0.0. (Smartphone Operating System). Affected by this issue is an unknown code block of the component Factory Reset...
Author: VulDB

Cisco ASA/Firepower Threat Defense Cryptographic Driver SSL Packet denial of service

A vulnerability classified as problematic was found in Cisco ASA and Firepower Threat Defense (Firewall Software) (affected version unknown). Affected by this vulnerability is an unknown code of the component Cryptographic Driver. The...
Author: VulDB

Exiv2 up to 0.27.2 mrwimage.cpp readMetadata memory corruption

A vulnerability classified as critical has been found in Exiv2 up to 0.27.2 (Image Processing Software). Affected is the function Exiv2::MrwImage::readMetadata of the file mrwimage.cpp. The manipulation with an unknown input leads to a memory...
Author: VulDB

Mongoose 6.15 mongoose.c mq_parse_http memory corruption

A vulnerability was found in Mongoose 6.15. It has been rated as critical. This issue affects the function mq_parse_http of the file mongoose.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based)....
Author: VulDB

Trape up to 2019-05-08 core/db.py data[2] sql injection

A vulnerability was found in Trape up to 2019-05-08. It has been declared as critical. This vulnerability affects an unknown functionality of the file core/db.py. The manipulation of the argument data[2] as part of a Parameter leads to a sql...
Author: VulDB

Trape up to 2019-05-08 static/js/trape.js prepend() country/query/refer cross site scripting

A vulnerability was found in Trape up to 2019-05-08. It has been classified as problematic. This affects the function prepend() of the file static/js/trape.js. The manipulation of the argument country/query/refer as part of a Parameter leads to...
Author: VulDB

D-Link DIR-818LW 2.06betab01 HNAP1 Type command injection

A vulnerability was found in D-Link DIR-818LW 2.06betab01 (Router Operating System) and classified as critical. Affected by this issue is some unknown processing of the component HNAP1. The manipulation of the argument Type as part of a Shell...
Author: VulDB

D-Link DIR-818LW 2.06betab01 HNAP1 MTU command injection

A vulnerability has been found in D-Link DIR-818LW 2.06betab01 (Router Operating System) and classified as critical. Affected by this vulnerability is an unknown code block of the component HNAP1. The manipulation of the argument MTU as part of...
Author: VulDB

FlightPath 4.x/5.0-x index.php POST Request directory traversal

A vulnerability, which was classified as critical, was found in FlightPath 4.x/5.0-x. Affected is an unknown code of the file index.php?q=system-handle-form-submit. The manipulation as part of a POST Request leads to a directory traversal...
Author: VulDB

TRENDnet TEW-827DRU 2.04B03 Setup Wizard Stack-based memory corruption

A vulnerability classified as critical was found in TRENDnet TEW-827DRU 2.04B03. This vulnerability affects some unknown functionality of the component Setup Wizard. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

TRENDnet TEW-827DRU 2.04B03 Setup Wizard command injection

A vulnerability classified as critical has been found in TRENDnet TEW-827DRU 2.04B03. This affects an unknown functionality of the component Setup Wizard. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

TRENDnet TEW-827DRU 2.04B03 ssi Query String Stack-based memory corruption

A vulnerability was found in TRENDnet TEW-827DRU 2.04B03. It has been rated as critical. Affected by this issue is an unknown function of the component ssi. The manipulation as part of a Query String leads to a memory corruption vulnerability...
Author: VulDB

GLPI up to 9.4.0 Password Reset privilege escalation

A vulnerability was found in GLPI up to 9.4.0 (Asset Management Software). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Password Reset. The manipulation with an unknown input leads...
Author: VulDB

Oniguruma 6.9.2 regexec.c match_at() Regular Expression denial of service

A vulnerability was found in Oniguruma 6.9.2. It has been classified as problematic. Affected is the function match_at() of the file regexec.c. The manipulation as part of a Regular Expression leads to a denial of service vulnerability (NULL...
Author: VulDB

Oniguruma 6.9.2 regext.c onig_new_deluxe() Regular Expression memory corruption

A vulnerability was found in Oniguruma 6.9.2 and classified as critical. This issue affects the function onig_new_deluxe() of the file regext.c. The manipulation as part of a Regular Expression leads to a memory corruption vulnerability...
Author: VulDB

ZeroMQ libzmq up to 4.0.8/4.1.6/4.2.x/4.3.1 authentication memory corruption

A vulnerability has been found in ZeroMQ libzmq up to 4.0.8/4.1.6/4.2.x/4.3.1 and classified as critical. This vulnerability affects an unknown part of the file encryption/authentication. The manipulation with an unknown input leads to a memory...
Author: VulDB

Patchwork up to 2.0.3/2.1.3 Patch Detail Page templatetags/patch.py msgid cross site scripting

A vulnerability, which was classified as problematic, was found in Patchwork up to 2.0.3/2.1.3. This affects the function msgid of the file templatetags/patch.py of the component Patch Detail Page. The manipulation with an unknown input leads to...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.


Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer



A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2,800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-ones, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises position themselves more than ever as the essential meeting place for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition accordingly set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
