Tuesday 11 December 2018

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Google Android 9.0 bta_ag_sdp.cc bta_ag_do_disc Parameter memory corruption

A vulnerability was found in Google Android 9.0. It has been classified as critical. This affects the function bta_ag_do_disc of the file bta_ag_sdp.cc. The manipulation as part of a Parameter leads to a memory corruption vulnerability...
Author: VulDB

Google Android 9.0 Bluetooth Service hidd_api.cc HID_DevAddRecord memory corruption

A vulnerability was found in Google Android 9.0 and classified as critical. Affected by this issue is the function HID_DevAddRecord of the file hidd_api.cc of the component Bluetooth Service. The manipulation with an unknown input leads to a...
Author: VulDB

Google Android 7.0/7.1.1/7.1.2/8.0/8.1 cryptfs.cpp persist_set_key memory corruption

A vulnerability has been found in Google Android 7.0/7.1.1/7.1.2/8.0/8.1 and classified as critical. Affected by this vulnerability is the function persist_set_key of the file cryptfs.cpp. The manipulation with an unknown input leads to a memory...
Author: VulDB

Google Android up to 9.0 rw_t2t_ndef.cc rw_t2t_handle_tlv_detect memory corruption

A vulnerability, which was classified as critical, was found in Google Android up to 9.0. Affected is the function rw_t2t_handle_tlv_detect of the file rw_t2t_ndef.cc. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Google Android 7.0/7.1.1/7.1.2 install.cpp really_install_package memory corruption

A vulnerability, which was classified as critical, has been found in Google Android 7.0/7.1.1/7.1.2. This issue affects the function really_install_package of the file install.cpp. The manipulation with an unknown input leads to a memory...
Author: VulDB

Google Android 9.0 payload_metadata.cc ParsePayloadHeader memory corruption

A vulnerability classified as critical was found in Google Android 9.0. This vulnerability affects the function ParsePayloadHeader of the file payload_metadata.cc. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Impact assessment: version 2.0 of the PIA tool is available

One year after its release, the CNIL's PIA tool gains a new feature that notably allows the creation of analysis templates. Each user will also be able to rely on a wiki to design their data protection impact assessment (DPIA).
Author: Cnil

CERTFR-2018-AVI-585: Multiple vulnerabilities in Google Chrome (5 December 2018)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor and a security policy bypass.

Author: Cert FR

CERTFR-2018-AVI-584: Multiple vulnerabilities in IBM QRadar SIEM (5 December 2018)

Multiple vulnerabilities have been discovered in IBM QRadar SIEM. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a bypass of the...
Author: Cert FR

Hashicorp Vault up to 0.x Server Log privilege escalation

A vulnerability was found in Hashicorp Vault up to 0.x. It has been classified as critical. Affected is an unknown function of the component Server Log. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

Adiscon LogAnalyzer up to 4.1.6 Login Button Referer Field login.php cross site scripting

A vulnerability was found in Adiscon LogAnalyzer up to 4.1.6. It has been declared as problematic. This vulnerability affects an unknown function of the file login.php of the component Login Button Referer Field. The manipulation with an unknown...
Author: VulDB

Cairo 1.16.0 cairo-ft-font.c cairo_ft_apply_variations() denial of service

A vulnerability was found in Cairo 1.16.0. It has been classified as problematic. This affects the function cairo_ft_apply_variations() of the file cairo-ft-font.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Qt up to 5.7.x/5.8.x/5.9.x/5.10.x/5.11.2 Virtual Keyboard information disclosure

A vulnerability was found in Qt up to 5.7.x/5.8.x/5.9.x/5.10.x/5.11.2 and classified as problematic. Affected by this issue is an unknown function of the component Virtual Keyboard. The manipulation with an unknown input leads to an information...
Author: VulDB

OpenRefine up to 3.4 ZIP Archive directory traversal

A vulnerability, which was classified as critical, was found in OpenRefine up to 3.4. Affected is an unknown function. The manipulation as part of a ZIP Archive leads to a directory traversal vulnerability. CWE is classifying the issue as...
Author: VulDB

VideoLAN VLC Media Player 3.0.4 CAF Demuxer modules/demux/caf.c ReadKukiChunk() Return Value privilege escalation

A vulnerability, which was classified as critical, has been found in VideoLAN VLC Media Player 3.0.4. This issue affects the function ReadKukiChunk() of the file modules/demux/caf.c of the component CAF Demuxer. The manipulation as part of a...
Author: VulDB

Tarantella Enterprise up to 3.10 Access Control Bypass privilege escalation

A vulnerability classified as critical was found in Tarantella Enterprise up to 3.10. This vulnerability affects an unknown function of the component Access Control. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Tarantella Enterprise up to 3.10 directory traversal [CVE-2018-19753]

A vulnerability classified as critical has been found in Tarantella Enterprise up to 3.10. This affects an unknown function. The manipulation with an unknown input leads to a directory traversal vulnerability. CWE is classifying the issue as...
Author: VulDB

Antiy AVL ATool Security Management 1.0.0.22 Kernel Driver IRPFile.sys memory corruption

A vulnerability was found in Antiy AVL ATool Security Management 1.0.0.22. It has been rated as problematic. Affected by this issue is an unknown function in the library IRPFile.sys of the component Kernel Driver. The manipulation with an...
Author: VulDB

IBM QRadar SIEM 1.14.0 information disclosure [CVE-2018-1732]

A vulnerability was found in IBM QRadar SIEM 1.14.0 and classified as problematic. This issue affects an unknown function. The manipulation with an unknown input leads to an information disclosure vulnerability. Using CWE to declare the problem...
Author: VulDB

IBM QRadar SIEM 7.2/7.3 Web UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM QRadar SIEM 7.2/7.3. This affects an unknown function of the component Web UI. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

Solarwinds SFTP SCP Server up to 2018-09-10 Configuration File XML External Entity

A vulnerability classified as critical was found in Solarwinds SFTP SCP Server up to 2018-09-10. Affected by this vulnerability is an unknown function of the component Configuration File Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Solarwinds SFTP SCP Server up to 2018-09-10 Configuration File Password information disclosure

A vulnerability classified as problematic has been found in Solarwinds SFTP SCP Server up to 2018-09-10. Affected is an unknown function of the component Configuration File Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

IBM QRadar SIEM 7.2/7.3 Default Credentials weak authentication

A vulnerability was found in IBM QRadar SIEM 7.2/7.3. It has been rated as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a weak authentication vulnerability (Default Credentials). Using CWE to...
Author: VulDB

IBM QRadar SIEM 7.2/7.3 weak encryption [CVE-2018-1648]

A vulnerability was found in IBM QRadar SIEM 7.2/7.3. It has been declared as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a weak encryption vulnerability. The CWE definition for the...
Author: VulDB

Dell Encryption up to 10.1.0 Folder Access information disclosure

A vulnerability was found in Dell Encryption up to 10.1.0 and classified as problematic. Affected by this issue is an unknown function of the component Folder Access. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Information security events

FIC

The 11th Forum International de la Cybersécurité takes place on 22 and 23 January 2019 at the Grand Palais in Lille. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (the French association of risk management and insurance professionals), the annual reference congress for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme: "Risk at the heart of transformation". Organised by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organised by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, "the trade show for networks, cloud, mobility and IT security", is held in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organised by Weyou Group.
