Wednesday, 14 November 2018

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

Adobe Releases Security Updates

Original release date: November 13, 2018. Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to...
Author: US Cert

Charles 4.2.7 Import/Export XML External Entity

A vulnerability was found in Charles 4.2.7. It has been rated as critical. This issue affects an unknown function of the component Import/Export. The manipulation with an unknown input leads to a privilege escalation vulnerability (XXE). Using...
Author: VulDB

PHP-Proxy 5.1.0 config.php information disclosure

A vulnerability classified as problematic has been found in PHP-Proxy 5.1.0. Affected is an unknown function of the file config.php. The manipulation with an unknown input leads to an information disclosure vulnerability. CWE is classifying the...
Author: VulDB

CERTFR-2018-ACT-017: News bulletin CERTFR-2018-ACT-017 (12 November 2018)

Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs). On 5 November 2018, two Dutch researchers (Carlo Meijer and Bernard van Gastel) have …
Author: Cert FR

CERTFR-2018-AVI-542: Multiple vulnerabilities in VMware products (12 November 2018)

Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Author: Cert FR

CERTFR-2018-AVI-541: Multiple vulnerabilities in the SUSE Linux kernel (12 November 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a remote denial of service, a breach of data integrity and a breach of data confidentiality...
Author: Cert FR

CERTFR-2018-AVI-540: Multiple vulnerabilities in Google Chrome (12 November 2018)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2018-AVI-539: Multiple vulnerabilities in IBM products (12 November 2018)

Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

XiaoCms 20141229 index.php data[content] cross site request forgery

A vulnerability classified as problematic has been found in XiaoCms 20141229. This affects an unknown function of the file admin/index.php?c=content&a=add&catid=3. The manipulation of the argument data[content] as part of a Parameter leads to a...
Author: VulDB

libIEC61850 1.3 mms/asn1/ber_encoder.c BerEncoder_encodeOctetString memory corruption

A vulnerability was found in libIEC61850 1.3. It has been rated as critical. Affected by this issue is the function BerEncoder_encodeOctetString of the file mms/asn1/ber_encoder.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

Go Ethereum 1.8.17 cmd/evm/runner.go memory corruption

A vulnerability was found in Go Ethereum 1.8.17. It has been declared as critical. Affected by this vulnerability is an unknown function of the file cmd/evm/runner.go. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

ethereumjs-vm 2.4.0 Attribute denial of service

A vulnerability was found in ethereumjs-vm 2.4.0. It has been classified as problematic. Affected is an unknown function. The manipulation as part of an Attribute leads to a denial of service vulnerability. CWE is classifying the issue as...
Author: VulDB

Py-EVM 0.2.0-alpha.33 vm.execute_bytecode Smart Contract privilege escalation

A vulnerability was found in Py-EVM 0.2.0-alpha.33 and classified as critical. This issue affects the function vm.execute_bytecode. The manipulation as part of a Smart Contract leads to a privilege escalation vulnerability. Using CWE to declare...
Author: VulDB

XiaoCms 20141229 database.php directory traversal

A vulnerability was found in XiaoCms 20141229 and classified as critical. Affected by this issue is an unknown function of the file admin\controller\database.php. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

XiaoCms 20141229 show_product.html cross site scripting

A vulnerability, which was classified as problematic, was found in XiaoCms 20141229. Affected is an unknown function of the file template\default\show_product.html. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

XiaoCms 20141229 Error Message index.php information disclosure

A vulnerability, which was classified as problematic, has been found in XiaoCms 20141229. This issue affects an unknown function of the file /admin/index.php?c=database of the component Error Message Handler. The manipulation with an unknown...
Author: VulDB

XiaoCms 20141229 New News Screen cross site scripting

A vulnerability classified as problematic was found in XiaoCms 20141229. This vulnerability affects an unknown function of the component New News Screen. The manipulation with an unknown input leads to a cross site scripting vulnerability. The...
Author: VulDB

XiaoCms 20141229 uploadfile.php type privilege escalation

A vulnerability has been found in XiaoCms 20141229 and classified as critical. Affected by this vulnerability is an unknown function of the file admin\controller\uploadfile.php. The manipulation of the argument type as part of a Parameter leads...
Author: VulDB

Netwide Assembler up to 2.14rc16 nasmlib/malloc.c nasm_malloc denial of service

A vulnerability, which was classified as problematic, was found in Netwide Assembler up to 2.14rc16. Affected is the function nasm_malloc in the library nasmlib/malloc.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

libwebm up to 2018-10-03 InitWebmParser() denial of service

A vulnerability, which was classified as problematic, has been found in libwebm up to 2018-10-03. This issue affects the function libwebm::Webm2Pes::InitWebmParser(). The manipulation with an unknown input leads to a denial of service...
Author: VulDB

ncurses 6.1 parse_entry.c _nc_parse_entry denial of service

A vulnerability classified as problematic was found in ncurses 6.1. This vulnerability affects the function _nc_parse_entry of the file parse_entry.c. The manipulation with an unknown input leads to a denial of service vulnerability (NULL...
Author: VulDB

LibTIFF 4.0.9 tif_dirwrite.c TIFFWriteDirectorySec denial of service

A vulnerability classified as problematic has been found in LibTIFF 4.0.9. This affects the function TIFFWriteDirectorySec of the file tif_dirwrite.c. The manipulation with an unknown input leads to a denial of service vulnerability (NULL...
Author: VulDB

Netwide Assembler 2.14rc15 asm/labels.c find_label denial of service

A vulnerability was found in Netwide Assembler 2.14rc15. It has been rated as problematic. Affected by this issue is the function find_label of the file asm/labels.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

libwpd 0.10.2 WP6ContentListener.cpp defineTable denial of service

A vulnerability was found in libwpd 0.10.2. It has been declared as problematic. Affected by this vulnerability is the function WP6ContentListener::defineTable of the file WP6ContentListener.cpp. The manipulation with an unknown input leads to a...
Author: VulDB

Information-security events

TRUSTECH

This international event dedicated to "trust technologies", which now incorporates the Cartes Secure Connexions show (held in Paris Villepinte until 2015), takes place in Cannes (Palais des Festivals) from 27 to 29 November 2018. Organized by Comexposium.

FIC

The 11th Forum International de la Cybersécurité takes over the Grand Palais in Lille on 22 and 23 January 2019. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (the French association of risk-management and insurance professionals), the leading annual conference for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme "Risk at the heart of transformation". Organized by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organized by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organized by Weyou Group.
