Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Critical Vulnerabilities in Cisco Products (CERT-EU Security Advisory 2020-039)

On 29th of July, Cisco released several security updates to address security vulnerabilities including three critical ones: an authentication bypass (CVE-2020-3382), a buffer overflow (CVE-2020-3375), and an authorization bypass (CVE-2020-3374)....
Auteur: Cert EU

Critical Wordpress Plugin Vulnerability (CERT-EU Security Advisory 2020-038)

On 19th of June, Wordfence Threat Intelligence team discovered a vulnerability that affects Wordpress plugin Comments – wpDiscuz. This flaw gives unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve...
Auteur: Cert EU

Citrix Workspace Vulnerability (CERT-EU Security Advisory 2020-037)

Citrix Workspace is vulnerable to a remote command execution attack. The flaw sees Workspace app's automatic update feature abused to gain access to a vulnerable Workspace app installation, with the attack vector being a named pipe. Citrix have...
Auteur: Cert EU

Critical Cisco Vulnerabilities (CERT-EU Security Advisory 2020-036)

Cisco released 31 Security Advisories for vulnerabilities affecting its products. Five of them are rated critical with CVSS Score 9.8. In particular, critical vulnerabilities affect: telnet service of firewall routers (CVE-2020-3330), web-based...
Auteur: Cert EU

Windows DNS Server Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-035)

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local...
Auteur: Cert EU

SAP - Multiple Vulnerabilities (CERT-EU Security Advisory 2020-034)

On the 14th of July 2020, SAP released eight Security Notes on the Security Patch Day. Security Note "#2934135" addresses a critical vulnerability CVE-2020-6286 affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration...
Auteur: Cert EU

Serious MobileIron Vulnerabilities (CERT-EU Security Advisory 2020-033)

Recently, an independent security researcher reported to MobileIron that he had identified vulnerabilities in MobileIron Core that could allow an attacker to execute remote exploits without authentication. MobileIron has now issued patches for...
Auteur: Cert EU

Critical CITRIX Vulnerabilities (CERT-EU Security Advisory 2020-032)

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. These vulnerabilities, if exploited, could result in a number of security...
Auteur: Cert EU

F5 Critical Vulnerability (CERT-EU Security Advisory 2020-031)

A new vulnerability has been discovered in the configuration interface of the BIG-IP application delivery controller (ADC) used by some of the world's biggest companies. Attackers can run commands as an unauthorized user and completely compromise...
Auteur: Cert EU

Microsoft Sharepoint - RCE in ASP.Net Web Controls (CERT-EU Security Advisory 2020-030)

On the 6th of June 2020, Microsoft released a security advisory for a vulnerability affecting Microsoft Sharepoint identified as CVE-2020-1181. On the 17th of June 2020, Zero Day Initiative released a blog post providing a proof of concept on how...
Auteur: Cert EU

FortiClient Hardcoded Cryptographic Key (CERT-EU Security Advisory 2020-029)

Fortinet FortiClient for Windows uses a hard-coded cryptographic key to encrypt security sensitive data in the configuration file. The vulnerability allows an attacker with access to the configuration file to disclose sensitive configuration...
Auteur: Cert EU

FortiClient for Windows Privilege Escalation Vulnerability (CERT-EU Security Advisory 2020-028)

Fortinet FortiClient for Windows is subject of a local privilege-escalation vulnerability. The vulnerability has received CVE number CVE-2020-9291.
Auteur: Cert EU

DNS Protocol Vulnerability (CERT-EU Security Advisory 2020-027)

On 19th of May 2020 a new DNS protocol vulnerability was made public. It was discovered by researchers from Tel Aviv University and the Interdisciplinary Center in Israel. Disclosed vulnerability abuses DNS delegation mechanism to force DNS...
Auteur: Cert EU

Critical Oracle WebLogic Server Vulnerability Exploited (CERT-EU Security Advisory 2020-026)

In April, within the monthly Critical Patch Update Advisory addressing hundreds of vulnerabilities, Oracle released an update about a critical vulnerability affecting WebLogic Server. This vulnerability allows remote attackers to execute...
Auteur: Cert EU

Microsoft Sharepoint - RCE in TypeConverters (CERT-EU Security Advisory 2020-025)

On the 14th of April 2020, Microsoft released several security advisories for vulnerabilities affecting Microsoft Sharepoint. On the 29th of April 2020, Zero Day Initiative released a blog post providing details on one of these vulnerabilities...
Auteur: Cert EU

Multiple Vulnerabilities in the Autodesk FBX Library (CERT-EU Security Advisory 2020-024)

On April 15, 2020, Microsoft has announced the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications such as Microsoft Office, Office 365 ProPlus and Paint...
Auteur: Cert EU

Pulse Connect Secure Severe Vulnerabilities (CERT-EU Security Advisory 2020-023)

On April 6, 2020, three issues were discovered in Host Checker policy enforcement on Pulse Secure Pulse Connect Secure (PCS). These vulnerabilities were encoded as CVE-2020-11580 (No certificate Validation), CVE-2020-11581 (Command Injection),...
Auteur: Cert EU

Liferay Portal - Exploited Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2020-022)

On March 20, 2020, Code White released two proof-of-concepts for vulnerabilities on Liferay Portal. These vulnerabilities were patched by Liferay. However, CERT-EU is aware of these vulnerabilities being actually exploited by malicious threat...
Auteur: Cert EU

Critical Vulnerability in VMware vCenter (CERT-EU Security Advisory 2020-021)

On April 9, 2020, VMware vCenter Server updates were issued, which address sensitive information disclosure vulnerability in the VMware Directory Service "vmdir" (CVE-2020-3952). A malicious actor with network access to an affected deployment may...
Auteur: Cert EU

Critical Vulnerabilities in Firefox (CERT-EU Security Advisory 2020-020)

On the 3rd of April 2020, Mozilla released an advisory concerning two critical vulnerabilities affecting Firefox browser. According to Mozilla, both vulnerabilities are related to "use-after-free" bugs and have been exploited in the wild in...
Auteur: Cert EU

Apache Web Server Vulnerability (CERT-EU Security Advisory 2020-019)

On the 1st of April 2020, a new vulnerability was made public related to Apache Web server. Apache HTTP Server is prone to an open-redirection vulnerability because it fails to properly validate the redirect URLs. Specifically, this issue affects...
Auteur: Cert EU

Serious PHP Vulnerability (CERT-EU Security Advisory 2020-018)

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using "mb_strtolower()" function with "UTF-32LE" encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption,...
Auteur: Cert EU

Remote-Code-Execution Vulnerabilities in All Versions of Windows (CERT-EU Security Advisory 2020-017)

On the 23th of March 2020, Microsoft released a security advisory for two remote-code-execution vulnerabilities affecting all versions of Windows. The two vulnerabilities are linked to the Adobe Type Manager Library. An attacker could exploit...
Auteur: Cert EU

Multiple Critical Vulnerabilities in Trend Micro (CERT-EU Security Advisory 2020-016)

On the 16th of March 2020, Trend Micro has released critical patches for two remote code execution vulnerabilities in Trend Micro Apex One and OfficeScan XG along with other three critical vulnerabilities. Trend Micro confirmed that they...
Auteur: Cert EU

Critical Vulnerability in VMWare Products (CERT-EU Security Advisory 2020-015)

On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised...
Auteur: Cert EU
12345678910Last

Événements SSI