Tuesday 23 July 2019
 
 

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-357: Vulnerability in Fortinet FortiOS (23 July 2019)

A vulnerability has been discovered in Fortinet FortiOS. It allows an attacker to compromise data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-356: Multiple vulnerabilities in Apple products (23 July 2019)

Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

CERTFR-2019-AVI-355: Multiple vulnerabilities in the Ubuntu Linux kernel (23 July 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a compromise of data confidentiality.

Author: Cert FR

Poppler up to 0.78.0 JPXStream::init Negative Value memory corruption

A vulnerability was found in Poppler up to 0.78.0 (Document Reader Software). It has been declared as critical. Affected by this vulnerability is the function JPXStream::init. The manipulation as part of a Negative Value leads to a memory...
Author: VulDB

IBM Spectrum Protect 7.1/8.1 Backup-Archive Client memory corruption

A vulnerability was found in IBM Spectrum Protect 7.1/8.1 (Backup Software). It has been classified as critical. Affected is an unknown code block of the component Backup-Archive Client. The manipulation with an unknown input leads to a memory...
Author: VulDB

IBM Spectrum Protect 7.l Client Backup/Archive Operation privilege escalation

A vulnerability was found in IBM Spectrum Protect 7.l (Backup Software) and classified as critical. This issue affects an unknown code of the component Client Backup/Archive Operation. The manipulation with an unknown input leads to a privilege...
Author: VulDB

ZTE OTCP 1.19.20.02 Security Management Parameter cross site scripting

A vulnerability has been found in ZTE OTCP 1.19.20.02 and classified as problematic. This vulnerability affects an unknown part of the component Security Management. The manipulation as part of a Parameter leads to a cross site scripting...
Author: VulDB

Qualcomm Snapdragon Auto WLAN Firmware Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music (Chip Software). This affects some unknown functionality...
Author: VulDB

Qualcomm Snapdragon Auto Video Driver Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip...
Author: VulDB

Qualcomm Snapdragon Auto Shared Memory memory corruption [CVE-2019-2279]

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip Software)....
Author: VulDB

Qualcomm Snapdragon Auto WLAN Out-of-Bounds memory corruption

A vulnerability classified as critical has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music (Chip Software). Affected is some unknown...
Author: VulDB

Qualcomm Snapdragon Auto Action Frame memory corruption [CVE-2019-2269]

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music (Chip Software). It has been rated as critical. This issue affects an...
Author: VulDB

Qualcomm Snapdragon Auto Channel NULL Pointer Dereference denial of service

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip Software). It has been declared as problematic. This vulnerability affects an unknown code...
Author: VulDB

Qualcomm Snapdragon Auto GPU Subsystem information disclosure

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wired Infrastructure and Networking...
Author: VulDB

Qualcomm Snapdragon Auto perf-event Use-After-Free memory corruption

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip Software) and classified as critical....
Author: VulDB

Qualcomm Snapdragon Auto Version Info Loop memory corruption

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip Software) and...
Author: VulDB

Send Anywhere App 9.4.18 on Android Password Storage username/password privilege escalation

A vulnerability, which was classified as critical, was found in Send Anywhere App 9.4.18 on Android (Android App Software). Affected is an unknown function of the file username/password of the component Password Storage. The manipulation with an...
Author: VulDB

Momo App 2.1.9 on Android Credential Storage Cleartext privilege escalation

A vulnerability, which was classified as critical, has been found in Momo App 2.1.9 on Android (Android App Software). This issue affects some unknown processing of the component Credential Storage. The manipulation with an unknown input leads...
Author: VulDB

TronLink Wallet 2.2.0 Registration Form CreateWalletTwoActivity information disclosure

A vulnerability classified as problematic was found in TronLink Wallet 2.2.0. This vulnerability affects the function CreateWalletTwoActivity of the component Registration Form. The manipulation with an unknown input leads to an information...
Author: VulDB

Cat Runner Decorate Home 2.8.0 on Android Application API privilege escalation

A vulnerability classified as critical has been found in Cat Runner Decorate Home 2.8.0 on Android (Android App Software). This affects an unknown code of the component Application API. The manipulation with an unknown input leads to a privilege...
Author: VulDB

TronLink Wallet 2.2.0 Secure Storage .xml privilege escalation

A vulnerability was found in TronLink Wallet 2.2.0. It has been rated as critical. Affected by this issue is an unknown part of the file /data/data/com.tronlink.wallet/shared_prefs/.xml of the component Secure Storage. The manipulation with an...
Author: VulDB

Sweetscape 010 Editor 9.0.1 Variable Integer Overflow memory corruption

A vulnerability was found in Sweetscape 010 Editor 9.0.1. It has been declared as critical. Affected by this vulnerability is some unknown functionality. The manipulation as part of a Variable leads to a memory corruption vulnerability (Integer...
Author: VulDB

Sweetscape 010 Editor 9.0.1 Scripting Engine Memcpy Argument memory corruption

A vulnerability was found in Sweetscape 010 Editor 9.0.1. It has been classified as critical. Affected is the function Memcpy of the component Scripting Engine. The manipulation as part of an Argument leads to a memory corruption vulnerability...
Author: VulDB

ATCOM A10W 2.6.1a2421 Web Interface Shell Metacharacter command injection

A vulnerability was found in ATCOM A10W 2.6.1a2421 and classified as critical. This issue affects an unknown function of the component Web Interface. The manipulation as part of a Shell Metacharacter leads to a privilege escalation vulnerability...
Author: VulDB

Akuvox R50P 50.0.6.156 Telnet Service Default Credentials weak authentication

A vulnerability has been found in Akuvox R50P 50.0.6.156 and classified as critical. This vulnerability affects some unknown processing of the component Telnet Service. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.

Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together over three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises position themselves more than ever as the unmissable gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore sought to highlight the major issues of the moment by multiplying talks, demonstrations and feedback from experience.

See you at the next edition, which will take place from 9 to 12 October 2019.

More information on the event's dedicated website.
