Tuesday 16 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Google Releases Security Updates for Chrome

Original release date: July 15, 2019. Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. The Cybersecurity and...
Author: US Cert

OpenModelica OMCompiler OPENMODELICAHOME Code Execution memory corruption

A vulnerability classified as critical was found in OpenModelica OMCompiler (affected version unknown). Affected by this vulnerability is an unknown code. The manipulation of the argument OPENMODELICAHOME as part of an Environment Variable leads...
Author: VulDB

Deepwoods WebLibrarian up to 3.5.2 on WordPress admin.php AllBarCodes sql injection

A vulnerability classified as critical has been found in Deepwoods WebLibrarian up to 3.5.2 on WordPress (WordPress Plugin). Affected is the function AllBarCodes of the file...
Author: VulDB

Fitbit Activity Tracker Bluetooth Low Energy PDF Document Anonymity information disclosure

A vulnerability was found in Fitbit Activity Tracker (unknown version). It has been rated as problematic. This issue affects some unknown functionality of the component Bluetooth Low Energy. The manipulation as part of a PDF Document leads to a...
Author: VulDB

VU#129209: LLVM's Arm stack protection feature can be rendered ineffective

The Stack Protection feature provided in the LLVM Arm backend protects against buffer overflows by adding a cookie value between local variables and the stack frame return address. The compiler stores this value in memory and checks the cookie...
Author: US Cert

CERTFR-2019-AVI-333: Multiple vulnerabilities in Foxit Reader and PhantomPDF (15 July 2019)

Multiple vulnerabilities have been discovered in Foxit Reader and PhantomPDF. They allow an attacker to cause a security problem not specified by the vendor and a remote denial of service.

Author: Cert FR

CERTFR-2019-AVI-332: Multiple vulnerabilities in Squid (15 July 2019)

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-331: Vulnerability in IBM QRadar (15 July 2019)

A vulnerability has been discovered in IBM QRadar. It allows an attacker to cause a remote denial of service.

Author: Cert FR

VideoLAN VLC Media Player up to 3.0.7.1 modules/demux/mp4/mp4.c MP4_EIA608_Convert() MP4 File memory corruption

A vulnerability was found in VideoLAN VLC Media Player up to 3.0.7.1 (Multimedia Player Software). It has been declared as critical. This vulnerability affects the function MP4_EIA608_Convert() of the file modules/demux/mp4/mp4.c. The...
Author: VulDB

Vera Edge Home Controller 1.7.4452 LuaUPnP /port_3480/data_request code privilege escalation

A vulnerability was found in Vera Edge Home Controller 1.7.4452. It has been classified as critical. This affects an unknown function of the file /port_3480/data_request of the component LuaUPnP. The manipulation of the argument code as part of...
Author: VulDB

Sahi Pro 8.0.0 Launcher Player_setScriptFile _execute() Command privilege escalation

A vulnerability was found in Sahi Pro 8.0.0 and classified as critical. Affected by this issue is the function _execute() of the file _s_/sprm/_s_/dyn/Player_setScriptFile of the component Launcher. The manipulation as part of a Command leads to...
Author: VulDB

Mirumee Saleor 2.7.0 CSRF Protection POST Request cross site request forgery

A vulnerability has been found in Mirumee Saleor 2.7.0 and classified as problematic. Affected by this vulnerability is an unknown code block of the component CSRF Protection. The manipulation as part of a POST Request leads to a cross site...
Author: VulDB

SoX 14.4.2 formats_i.c lsx_readbuf denial of service

A vulnerability, which was classified as problematic, was found in SoX 14.4.2. Affected is the function lsx_readbuf of the file formats_i.c. The manipulation with an unknown input leads to a denial of service vulnerability (NULL Pointer...
Author: VulDB

paranoid2 Gem 1.1.6 on Ruby Backdoor privilege escalation

A vulnerability, which was classified as critical, has been found in paranoid2 Gem 1.1.6 on Ruby (Ruby Gem). This issue affects an unknown part of the component Backdoor. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

PHP Scripts Mall School College Portal with ERP Script up to 2.6.1 cross site scripting

A vulnerability classified as problematic has been found in PHP Scripts Mall School College Portal with ERP Script up to 2.6.1 (Enterprise Resource Planning Software). This affects an unknown functionality of the file...
Author: VulDB

GNU C Library Thread Address information disclosure

A vulnerability was found in GNU C Library (Software Library) (affected version not known). It has been rated as problematic. Affected by this issue is an unknown function of the component Thread Handler. The manipulation with an unknown input...
Author: VulDB

GNU C Library ASLR Stack-based memory corruption

A vulnerability was found in GNU C Library (Software Library) (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component ASLR. The manipulation with an unknown input...
Author: VulDB

GNU C Library ELF File privilege escalation [CVE-2019-1010023]

A vulnerability was found in GNU C Library (Software Library) (version unknown). It has been classified as critical. Affected is an unknown code block of the component ELF File Handler. The manipulation with an unknown input leads to a...
Author: VulDB

GNU C Library nptl Stack-based memory corruption

A vulnerability was found in GNU C Library (Software Library) (unknown version) and classified as critical. This issue affects an unknown code of the component nptl. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

libnmap up to 0.6.2 XML Parser Resource Exhaustion denial of service

A vulnerability has been found in libnmap up to 0.6.2 (Security Testing Software) and classified as problematic. This vulnerability affects an unknown part of the component XML Parser. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Dolibarr 6.0.4 Link card.php cross site scripting

A vulnerability, which was classified as problematic, was found in Dolibarr 6.0.4 (Enterprise Resource Planning Software). This affects some unknown functionality of the file htdocs/product/stats/card.php of the component Link Handler. The...
Author: VulDB

Moinejf abcm2ps 8.13.16 parse.c memory corruption

A vulnerability, which was classified as critical, has been found in Moinejf abcm2ps 8.13.16. Affected by this issue is an unknown functionality of the file parse.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

DGLogik DGLux Server IoT API privilege escalation [CVE-2019-1010009]

A vulnerability classified as critical was found in DGLogik DGLux Server (affected version unknown). Affected by this vulnerability is an unknown function of the component IoT API. The manipulation with an unknown input leads to a privilege...
Author: VulDB

OpenEnergyMonitor EmonCMS 9.8.8 My Account Page Lib/listjs/list.js Name/Location/Bio/Startin Page cross site scripting

A vulnerability classified as problematic has been found in OpenEnergyMonitor EmonCMS 9.8.8. Affected is some unknown processing in the library Lib/listjs/list.js of the component My Account Page. The manipulation of the argument...
Author: VulDB

Evince 3.26.0 Backend tiff-document.c PDF File memory corruption

A vulnerability was found in Evince 3.26.0. It has been rated as critical. This issue affects an unknown code block of the file backend/tiff/tiff-document.c of the component Backend. The manipulation as part of a PDF File leads to a memory...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.

Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this unique event in France to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are more than ever positioned as the unmissable gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and feedback from experience.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
