Monday 22 October 2018

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Leanote 2.6.1 Blog Basic Setting Title cross site scripting

A vulnerability was found in Leanote 2.6.1. It has been classified as problematic. This affects an unknown function of the component Blog Basic Setting Title. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Author: VulDB

ThinkPHP 3.2.4 Driver.class.php parseOrder key sql injection

A vulnerability has been found in ThinkPHP 3.2.4 and classified as critical. Affected by this vulnerability is the function parseOrder of the file Library/Think/Db/Driver.class.php. The manipulation of the argument key as part of a Parameter...
Author: VulDB

Fiyo CMS 2.0.7 edit_user.php name cross site scripting

A vulnerability, which was classified as problematic, was found in Fiyo CMS 2.0.7. Affected is an unknown function of the file dapur\apps\app_user\edit_user.php. The manipulation of the argument name as part of a Parameter leads to a cross site...
Author: VulDB

ImageMagick 7.0.8-13 Q16 coders/msl.c WriteMSLImage denial of service

A vulnerability, which was classified as problematic, has been found in ImageMagick 7.0.8-13 Q16. This issue affects the function WriteMSLImage of the file coders/msl.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

ServersCheck Monitoring Software up to 14.3.3 sql injection [CVE-2018-18550]

A vulnerability was found in ServersCheck Monitoring Software up to 14.3.3 and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a sql injection vulnerability. Using CWE to...
Author: VulDB

NCSC Releases 2018 Annual Review

Original release date: October 19, 2018 The United Kingdom's (UK) National Cyber Security Centre (NCSC) has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC...
Author: US Cert

TeaKKi 2.7 Picture URL onerror cross site scripting

A vulnerability classified as problematic has been found in TeaKKi 2.7. This affects an unknown function of the component Picture URL Handler. The manipulation of the argument onerror as part of an Attribute leads to a cross site scripting...
Author: VulDB

Teeworlds up to 0.6.4 Connection Packet spoofing

A vulnerability classified as critical was found in Teeworlds up to 0.6.4. This vulnerability affects an unknown function of the component Connection Packet Handler. The manipulation with an unknown input leads to a spoofing vulnerability. The...
Author: VulDB

libssh Releases Security Updates

Original release date: October 19, 2018 libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC...
Author: US Cert

Microsoft Releases Security Update for Yammer

Original release date: October 19, 2018 Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC...
Author: US Cert

Multiple Vulnerabilities in Oracle Products (CERT-EU Security Advisory 2018-027)

On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among...
Author: Cert EU

CERTFR-2018-AVI-505: Multiple vulnerabilities in the SUSE Linux kernel (19 October 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2018-AVI-504: Vulnerability in Aruba BLE Radio (19 October 2018)

A vulnerability has been discovered in Aruba BLE Radio. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2018-AVI-503: Vulnerability in Blueimp jQuery-File-Upload (19 October 2018)

A vulnerability has been discovered in Blueimp jQuery-File-Upload. It allows an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

Drupal Releases Security Updates

Original release date: October 18, 2018 Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Author: US Cert

Splunk Enterprise 6.6.x splunk-launch.conf privilege escalation

A vulnerability was found in Splunk Enterprise 6.6.x and classified as critical. This issue affects an unknown function of the file $SPLUNK_HOME/etc/splunk-launch.conf. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B authLevel privilege escalation

A vulnerability was found in SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B. It has been classified as critical. Affected is an unknown function. The manipulation of the argument authLevel with the input value 255 leads to a privilege...
Author: VulDB

LIVE555 RTSP Server 0.92 HTTP Packet Parser Crafted Packet Stack-based memory corruption

A vulnerability was found in LIVE555 RTSP Server 0.92. It has been rated as critical. Affected by this issue is an unknown function of the component HTTP Packet Parser. The manipulation as part of a Crafted Packet leads to a memory corruption...
Author: VulDB

kaptcha 2.3.2 Captcha DefaultTextCreator.java Random weak authentication

A vulnerability was found in kaptcha 2.3.2. It has been declared as critical. Affected by this vulnerability is the function Random of the file text/impl/DefaultTextCreator.java of the component Captcha. The manipulation with an unknown input...
Author: VulDB

ThinkPHP 5.1.25 Query.php aggregate count sql injection

A vulnerability was found in ThinkPHP 5.1.25. It has been classified as critical. Affected is the function aggregate of the file library/think/db/Query.php. The manipulation of the argument count as part of a Parameter leads to a sql injection...
Author: VulDB

ThinkPHP 3.2.4 Mysql.class.php parseKey key sql injection

A vulnerability was found in ThinkPHP 3.2.4 and classified as critical. This issue affects the function parseKey of the file Library/Think/Db/Driver/Mysql.class.php. The manipulation of the argument key as part of a Parameter leads to a sql...
Author: VulDB

OwnTicket 2018-05-23 showTicketId/editTicketStatusId sql injection

A vulnerability has been found in OwnTicket 2018-05-23 and classified as critical. This vulnerability affects an unknown function. The manipulation of the argument showTicketId/editTicketStatusId as part of a Parameter leads to a sql injection...
Author: VulDB

elfutils 0.174 ELF File arlib.c arlib_add_symbols() denial of service

A vulnerability, which was classified as problematic, was found in elfutils 0.174. This affects the function arlib_add_symbols() of the file arlib.c of the component ELF File Handler. The manipulation with an unknown input leads to a denial of...
Author: VulDB

elfutils up to 0.174 libelf size.c elf_end denial of service

A vulnerability, which was classified as problematic, has been found in elfutils up to 0.174. Affected by this issue is the function elf_end of the file size.c of the component libelf. The manipulation with an unknown input leads to a denial of...
Author: VulDB

QEMU IOReadHandler Integer Overflow memory corruption

A vulnerability classified as critical was found in QEMU (the affected version is unknown). Affected by this vulnerability is an unknown function of the component IOReadHandler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Information security events

TRUSTECH

This international event dedicated to "trust technologies", which now incorporates the Cartes Secure Connexions show (held at Paris Villepinte until 2015), takes place in Cannes (Palais des Festivals) from 27 to 29 November 2018. Organised by Comexposium.

FIC

The 11th Forum International de la Cybersécurité (International Cybersecurity Forum) takes over the Grand Palais in Lille on 22 and 23 January 2019. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (the French association of risk management and insurance professionals), the leading annual conference for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme: "Risk at the heart of transformation". Organised by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organised by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organised by Weyou Group.
