Accessible Expertise

Protect Your Data, Preserve Your Assets

At Bexxo, we know that every company is unique. That is why our solutions, which comply with the ISO 27001/27002 and NIST standards, are tailored to your needs, your budget and your objectives. We provide optimal security while simplifying your processes.

Free Cybersecurity Analysis

Request a free assessment of your cybersecurity.
Our team will contact you to carry out a free analysis of your cybersecurity.

Our Cybersecurity Services

Website Security

01 Comprehensive audit and vulnerability detection

We carry out an in-depth analysis of your website, in line with the ISO 2700x and NIST CSF standards, to identify and fix potential security flaws before they are exploited.

02 Protection against attacks

We deploy robust defensive measures to secure your site against attacks such as CSRF and SQL injection, as well as other common threats.

03 Data security

We take care to protect your customers' sensitive data and to secure online transactions on your website.

Corporate Network Security

01 Audit and analysis of the network infrastructure

We carry out an in-depth review of your security policies and your network, in accordance with the ISO 2700x and NIST CSF standards, to find and fix potential vulnerabilities.

02 Comprehensive protection of the IT infrastructure

We protect your entire IT system against internal and external threats, ensuring optimal security for your company.

03 Securing access and sensitive data

We secure your critical access and protect your confidential data to guarantee its integrity.

Discover our company

How we work with you

Listening and understanding

We take the time to discuss your needs and objectives in order to fully understand your specific challenges.

In-depth analysis

We examine your security policies and your web and network systems in detail to find vulnerabilities.

Remediation and hardening

We deploy solutions to eliminate flaws and strengthen your defenses.

Constant vigilance

We ensure continuous monitoring and constantly adapt to evolving threats.

Continuous updates

Discover the latest critical CVEs published.


8.6

CVE-2024-47606 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned i...

8.6

CVE-2024-47607 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bu...

8.6

CVE-2024-47613 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHAN...

memorycorruption

8.6

CVE-2024-47615 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the ent...

overflow

9.9

CVE-2024-42448 - CRITICAL
11/12/2024

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

8.6

CVE-2024-47537 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequ...

overflow

8.6

CVE-2024-47538 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANN...

8.6

CVE-2024-47539 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in stora...

overflow

8.6

CVE-2024-47540 - HIGH
11/12/2024

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the ...

9.3

CVE-2024-50339 - CRITICAL
11/12/2024

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.

crosssitescripting, authorisationproblem, OWASP: A03, OWASP: A07

9.5

CVE-2024-53677 - CRITICAL
11/12/2024

File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0, which fixes the issue. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067

9.3

CVE-2024-11737 - CRITICAL
11/12/2024

CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.

OWASP: A03

9.1

CVE-2024-11053 - CRITICAL
11/12/2024

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

8.4

CVE-2024-53290 - HIGH
11/12/2024

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to command execution.

commandinjection, OWASP: A03

9.3

CVE-2024-54032 - CRITICAL
10/12/2024

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

crosssitescripting, OWASP: A03

8.2

CVE-2024-54036 - HIGH
10/12/2024

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

crosssitescripting, OWASP: A03

8.4

CVE-2024-49105 - HIGH
10/12/2024

Remote Desktop Client Remote Code Execution Vulnerability

OWASP: A01

8.8

CVE-2024-46340 - HIGH
09/12/2024

TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to transmit user credentials in plaintext after executing a factory reset.

OWASP: A04

8.8

CVE-2024-50920 - HIGH
09/12/2024

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.

9.1

CVE-2024-11633 - CRITICAL
10/12/2024

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

OWASP: A03

Contact Us

We will process your personal information in accordance with our privacy policy.
