jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

FortiClient for Windows Privilege Escalation Vulnerability (CERT-EU Security Advisory 2020-028)

Fortinet FortiClient for Windows is subject of a local privilege-escalation vulnerability. The vulnerability has received CVE number CVE-2020-9291.
Auteur: Cert EU

DNS Protocol Vulnerability (CERT-EU Security Advisory 2020-027)

On 19th of May 2020 a new DNS protocol vulnerability was made public. It was discovered by researchers from Tel Aviv University and the Interdisciplinary Center in Israel. Disclosed vulnerability abuses DNS delegation mechanism to force DNS...
Auteur: Cert EU

Critical Oracle WebLogic Server Vulnerability Exploited (CERT-EU Security Advisory 2020-026)

In April, within the monthly Critical Patch Update Advisory addressing hundreds of vulnerabilities, Oracle released an update about a critical vulnerability affecting WebLogic Server. This vulnerability allows remote attackers to execute...
Auteur: Cert EU

Microsoft Sharepoint - RCE in TypeConverters (CERT-EU Security Advisory 2020-025)

On the 14th of April 2020, Microsoft released several security advisories for vulnerabilities affecting Microsoft Sharepoint. On the 29th of April 2020, Zero Day Initiative released a blog post providing details on one of these vulnerabilities...
Auteur: Cert EU

Multiple Vulnerabilities in the Autodesk FBX Library (CERT-EU Security Advisory 2020-024)

On April 15, 2020, Microsoft has announced the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications such as Microsoft Office, Office 365 ProPlus and Paint...
Auteur: Cert EU

Pulse Connect Secure Severe Vulnerabilities (CERT-EU Security Advisory 2020-023)

On April 6, 2020, three issues were discovered in Host Checker policy enforcement on Pulse Secure Pulse Connect Secure (PCS). These vulnerabilities were encoded as CVE-2020-11580 (No certificate Validation), CVE-2020-11581 (Command Injection),...
Auteur: Cert EU

Liferay Portal - Exploited Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2020-022)

On March 20, 2020, Code White released two proof-of-concepts for vulnerabilities on Liferay Portal. These vulnerabilities were patched by Liferay. However, CERT-EU is aware of these vulnerabilities being actually exploited by malicious threat...
Auteur: Cert EU

Critical Vulnerability in VMware vCenter (CERT-EU Security Advisory 2020-021)

On April 9, 2020, VMware vCenter Server updates were issued, which address sensitive information disclosure vulnerability in the VMware Directory Service "vmdir" (CVE-2020-3952). A malicious actor with network access to an affected deployment may...
Auteur: Cert EU

Critical Vulnerabilities in Firefox (CERT-EU Security Advisory 2020-020)

On the 3rd of April 2020, Mozilla released an advisory concerning two critical vulnerabilities affecting Firefox browser. According to Mozilla, both vulnerabilities are related to "use-after-free" bugs and have been exploited in the wild in...
Auteur: Cert EU

Apache Web Server Vulnerability (CERT-EU Security Advisory 2020-019)

On the 1st of April 2020, a new vulnerability was made public related to Apache Web server. Apache HTTP Server is prone to an open-redirection vulnerability because it fails to properly validate the redirect URLs. Specifically, this issue affects...
Auteur: Cert EU

Serious PHP Vulnerability (CERT-EU Security Advisory 2020-018)

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using "mb_strtolower()" function with "UTF-32LE" encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption,...
Auteur: Cert EU

Remote-Code-Execution Vulnerabilities in All Versions of Windows (CERT-EU Security Advisory 2020-017)

On the 23th of March 2020, Microsoft released a security advisory for two remote-code-execution vulnerabilities affecting all versions of Windows. The two vulnerabilities are linked to the Adobe Type Manager Library. An attacker could exploit...
Auteur: Cert EU

Multiple Critical Vulnerabilities in Trend Micro (CERT-EU Security Advisory 2020-016)

On the 16th of March 2020, Trend Micro has released critical patches for two remote code execution vulnerabilities in Trend Micro Apex One and OfficeScan XG along with other three critical vulnerabilities. Trend Micro confirmed that they...
Auteur: Cert EU

Critical Vulnerability in VMWare Products (CERT-EU Security Advisory 2020-015)

On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised...
Auteur: Cert EU

SMBv3 - Critical Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-014)

On the 10th of March 2020, Microsoft released a security advisory for a remote code execution vulnerability affecting Microsoft Server Message Block 3.1.1 (SMBv3) protocol. An "unauthenticated" attacker who successfully exploited the...
Auteur: Cert EU

Critical PPP Daemon Vulnerability (CERT-EU Security Advisory 2020-013)

A new dangerous (and 17 years old!) remote code execution vulnerability has been discovered by Ilja Van Sprundel from IOActive. It affects the PPP daemon ("pppd") software that comes installed on almost all Linux-based operating systems and...
Auteur: Cert EU

Cisco Webex Players Vulnerabilities (CERT-EU Security Advisory 2020-012)

High serverity vulnerabilities were patched in Cisco Webex video conferencing platform. In particular they affect Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows. If exploited, these could...
Auteur: Cert EU

Multiple XSS Vulnerabilities in Wordpress Plugins (CERT-EU Security Advisory 2020-011)

Several cross-site scripting (XSS) vulnerabilities were fond in popular WordPress plugins. Some of them could give attackers complete control of sites. It is to be mentioned that this year we have already observed other vulnerabilities in...
Auteur: Cert EU

Microsoft Exchange Server - Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-010)

Microsoft released a fix for a remote code execution vulnerability in Microsoft Exchange (CVE-2020-0688). The vulnerability exists because Exchange fails to create unique cryptographic keys at installation time, leading to all Exchange servers...
Auteur: Cert EU

Critical Vulnerability in ThemeGrill Demo Importer Wordpress Plugin (CERT-EU Security Advisory 2020-009)

A critical vulnerability affecting the ThemeGrill Demo Importer plugin has been identified. Theme Grill Demo Importer is a plugin that can be used to import ThemeGrill official themes demo content, widgets and theme settings. The plugin is...
Auteur: Cert EU

WordPress Profile Builder Plugin Critical Vulnerability (CERT-EU Security Advisory 2020-008)

A critical vulnerability affecting the WordPress Profile Builder Plugin has been identified. Profile Builder is a plugin designed to create custom forms that allow users to register, edit their profile, etc. The plugin is affected by a broken...
Auteur: Cert EU

Vulnerabilities in WordPress GDPR Cookie Consent Plugin (CERT-EU Security Advisory 2020-007)

Critical vulnerabilities affecting the WordPress GDPR Cookie Consent plugin have been identified. This plugin is used to make websites GDPR compliant. The vulnerability was reported by the security researcher Jerome Bruandet from NinTechNet. The...
Auteur: Cert EU

Internet Explorer Zero-Day Vulnerability (CERT-EU Security Advisory 2020-006)

Microsoft released an advisory notifying about a remote code execution (RCE) vulnerability existing in the scripting engine of Internet Explorer (IE). The vulnerability allows an attacker to corrupt the memory of the IE and execute code with the...
Auteur: Cert EU

Critical Vulnerabilities in WordPress Plugins (CERT-EU Security Advisory 2020-005)

Critical vulnerabilities that are affecting two WordPress plugins have been identified. The vulnerabilities affect InfiniteWP Client and the WP Time Capsule plugins and allow a remote attacker to login into an administrator account without password.
Auteur: Cert EU

Critical Vulnerabilities in Multiple Oracle Products (CERT-EU Security Advisory 2020-004)

Oracle has published an advisory about hundreds of critical vulnerabilities that are affecting several of its products. Many of the vulnerabilities can be remotely exploited without authentication and without user interaction. Expedient patching...
Auteur: Cert EU
12345678910Last

Événements SSI