Wednesday 23 January 2019

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Apple Releases Multiple Security Updates

Original release date: January 22, 2019. Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The National...
Author: US Cert

Adobe Releases Security Updates

Original release date: January 22, 2019. Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity...
Author: US Cert

CERTFR-2019-ALE-001: Vulnerability in the APT package manager (22 January 2019)

On 22 January 2019, Debian published a security advisory indicating that its package manager was vulnerable to code injection. By default, updates are retrieved over HTTP. However, checks are performed in...
Author: Cert FR

CERTFR-2019-AVI-030: Vulnerability in the APT package manager (22 January 2019)

A vulnerability has been discovered in the APT package manager. It allows an attacker to trigger remote arbitrary code execution.

Author: Cert FR

Data Privacy Day

Original release date: January 22, 2019. January 28 is Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus around...
Author: US Cert

creditease-sec insight up to 2018-09-11 srcpm/app/admin/views.py user_delete cross site request forgery

A vulnerability, which was classified as problematic, has been found in creditease-sec insight up to 2018-09-11. Affected by this issue is the function user_delete of the file srcpm/app/admin/views.py. The manipulation with an unknown input...
Author: VulDB

creditease-sec insight up to 2018-09-11 srcpm/app/admin/views.py depart_delete cross site request forgery

A vulnerability classified as problematic was found in creditease-sec insight up to 2018-09-11. Affected by this vulnerability is the function depart_delete of the file srcpm/app/admin/views.py. The manipulation with an unknown input leads to a...
Author: VulDB

creditease-sec insight up to 2018-09-11 srcpm/app/admin/views.py role_perm_delete cross site request forgery

A vulnerability classified as problematic has been found in creditease-sec insight up to 2018-09-11. Affected is the function role_perm_delete of the file srcpm/app/admin/views.py. The manipulation with an unknown input leads to a cross site...
Author: VulDB

creditease-sec insight up to 2018-09-11 srcpm/app/admin/views.py login_user_delete cross site request forgery

A vulnerability was found in creditease-sec insight up to 2018-09-11. It has been rated as problematic. This issue affects the function login_user_delete of the file srcpm/app/admin/views.py. The manipulation with an unknown input leads to a...
Author: VulDB

Chatopera Cosin 3.10.0 Deserialization TemplateController.java toObject File privilege escalation

A vulnerability was found in Chatopera Cosin 3.10.0 (Web Browser). It has been declared as critical. This vulnerability affects the function toObject of the file TemplateController.java of the component Deserialization. The manipulation as part...
Author: VulDB

OpenSC 0.19.0 ctx.c sc_context_create denial of service

A vulnerability was found in OpenSC 0.19.0. It has been classified as problematic. This affects the function sc_context_create of the file ctx.c. The manipulation with an unknown input leads to a denial of service vulnerability (Memory Leak)....
Author: VulDB

Drupal up to 7.61/8.5.8/8.6.5 Phar Stream Wrapper Code Execution

A vulnerability was found in Drupal up to 7.61/8.5.8/8.6.5 (Content Management System) and classified as critical. Affected by this issue is a part of the component Phar Stream Wrapper. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Drupal up to 7.61/8.5.8/8.6.5 PEAR Archive_Tar privilege escalation

A vulnerability has been found in Drupal up to 7.61/8.5.8/8.6.5 (Content Management System) and classified as critical. Affected by this vulnerability is a functionality of the component PEAR Archive_Tar. The manipulation with an unknown input...
Author: VulDB

Jenkins up to 2.158 Authentication AuthenticationProcessingFilter2.java privilege escalation

A vulnerability, which was classified as critical, was found in Jenkins up to 2.158 (Continuous Integration Software). Affected is a function of the file core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java of the component...
Author: VulDB

Jenkins up to 2.158 Authorization TokenBasedRememberMeServices2.java Cookie privilege escalation

A vulnerability, which was classified as critical, has been found in Jenkins up to 2.158 (Continuous Integration Software). This issue affects some functionality of the file core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java of...
Author: VulDB

Pipeline Declarative Plugin up to 1.3.3 Sandbox Converter.groovy Code Execution

A vulnerability classified as critical was found in Pipeline Declarative Plugin up to 1.3.3. This vulnerability affects the functionality of the file...
Author: VulDB

Pipeline Groovy Plugin up to 2.61 on Jenkins Sandbox CpsFlowDefinition.java Code Execution

A vulnerability classified as critical has been found in Pipeline Groovy Plugin up to 2.61 on Jenkins. This affects an unknown function of the file src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java of the component Sandbox....
Author: VulDB

Script Security Plugin up to 2.49 on Jenkins GroovySandbox.java Code Execution

A vulnerability was found in Script Security Plugin up to 2.49 on Jenkins. It has been rated as critical. Affected by this issue is some processing of the file src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java....
Author: VulDB

CA Service Desk Manager 14.1/17 User Interface privilege escalation

A vulnerability has been found in CA Service Desk Manager 14.1/17 and classified as critical. This vulnerability affects a functionality of the component User Interface. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

CA Service Desk Manager 14.1/17 information disclosure [CVE-2018-19634]

A vulnerability, which was classified as problematic, was found in CA Service Desk Manager 14.1/17. This affects a function. The manipulation with an unknown input leads to an information disclosure vulnerability. CWE is classifying the issue as...
Author: VulDB

Foreman Smart Class Feature privilege escalation [CVE-2018-14666]

A vulnerability, which was classified as critical, has been found in Foreman (Service Management Software). Affected by this issue is some functionality of the component Smart Class Feature. The manipulation with an unknown input leads to a...
Author: VulDB

Fortinet FortiOS up to 5.6.7/6.0.2 Access Control Credentials information disclosure

A vulnerability classified as problematic was found in Fortinet FortiOS up to 5.6.7/6.0.2 (Firewall Software). Affected by this vulnerability is the functionality of the component Access Control. The manipulation with an unknown input leads to a...
Author: VulDB

Brocade Network Advisor up to 14.0.2 User Database weak encryption

A vulnerability was found in Brocade Network Advisor up to 14.0.2. It has been declared as critical. Affected by this vulnerability is a code block of the component User Database. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

Brocade Network Advisor up to 14.0.x Remote Code Execution [CVE-2018-6444]

A vulnerability was found in Brocade Network Advisor up to 14.0.x. It has been classified as critical. Affected is code. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). CWE is classifying...
Author: VulDB

Brocade Network Advisor up to 14.3.0 JBoss Administration Interface Default Credentials weak authentication

A vulnerability was found in Brocade Network Advisor up to 14.3.0 and classified as critical. This issue affects a part of the component JBoss Administration Interface. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Information security events

FIC

The 11th Forum International de la Cybersécurité (International Cybersecurity Forum) takes over the Grand Palais in Lille on 22 and 23 January 2019. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (Association française des professionnels de la gestion des risques et des assurances, the French association of risk and insurance management professionals), the annual reference congress for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme: "Risk at the heart of transformation". Organised by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organised by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organised by Weyou Group.
