Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Samsung and some Dell printers, Remote Disclosure of Information. (CERT-EU Security Advisory 2012-0138)

Samsung printers and some Dell printers manufactured by Samsung contain an SNMP account that could be used to get privileged access to the devices.
Author: Cert EU

PHP 5.4.9 and PHP 5.3.19 released, multiple vulnerabilities fixed [1] (CERT-EU Security Advisory 2012-0137)

The PHP development team announces the immediate availability of PHP 5.4.9 and PHP 5.3.19. These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.
Author: Cert EU

Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability [1] (CERT-EU Security Advisory 2012-0136)

Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. CVE-2012-5424 CVSS Base Score: 5.0...
Author: Cert EU

Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities [1] (CERT-EU Security Advisory 2012-0135)

Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of...
Author: Cert EU

Multiple vulnerabilities in Mozilla products (CERT-EU Security Advisory 2012-0134)

Several vulnerabilities have been detected in Mozilla products. Some of the ones reported below might already have been covered by previous CERT-EU advisories, but are mentioned for the sake of completeness. CVE-2012-5830, CVE-2012-5833,...
Author: Cert EU

Apache Tomcat Denial of Service & DIGEST authentication weaknesses (CERT-EU Security Advisory 2012-0133)

The Apache Tomcat security team issued new releases for Apache Tomcat to fix two security issues: Denial of Service for Tomcat 6.x and DIGEST authentication weaknesses for Tomcat 7.x and 5.5.x. CVE numbers: CVE-2012-2733, CVE-2012-3439
Author: Cert EU

HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information [1] (CERT-EU Security Advisory 2012-0132)

A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. CVE number: CVE-2012-3271 CVSS Score: 9.3...
Author: Cert EU

Hotfix available for ColdFusion 10 for Windows [1] (CERT-EU Security Advisory 2012-0131)

Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition....
Author: Cert EU

Security Updates Available for Adobe Flash Player [1] (CERT-EU Security Advisory 2012-0130)

Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for...
Author: Cert EU

VMware security updates for vSphere API and ESX Service Console (CERT-EU Security Advisory 2012-0129)

VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates. CVE-2012-5703, CVE-2012-1033, CVE-2012-1667,...
Author: Cert EU

VMware Hosted Products and OVF Tool address security issues (CERT-EU Security Advisory 2012-0128)

VMware Hosted products and OVFTool patches address several security issues. CVE-2012-5458, CVE-2012-5459 and CVE-2012-3569
Author: Cert EU

VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates (CERT-EU Security Advisory 2012-0127)

VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities. CVE-2012-4897, CVE-2012-5050, CVE-2012-5051
Author: Cert EU

VMware vSphere and vCOps updates to third party libraries (CERT-EU Security Advisory 2012-0126)

VMware has updated several third-party libraries in vSphere and vCOps to address multiple security vulnerabilities. CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619,...
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0125)

CERT-EU has received notification from Microsoft on a number of new security updates which have been released on November 13, 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please...
Author: Cert EU

Oracle Critical Patch Update - October 2012 [1] (CERT-EU Security Advisory 2012-0124)

The Critical Patch Update for October 2012 [2] and The Oracle Java SE Critical Patch Update [3] for October 2012 were released. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in...
Author: Cert EU

Multiple Updates on JBOSS Products [1] (CERT-EU Security Advisory 2012-0123)

1) An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. [1]
Author: Cert EU

Multiple Updates Available for CISCO Products [1,2,3] (CERT-EU Security Advisory 2012-0121)

CISCO has published multiple updates for their products that fix several vulnerabilities.
Author: Cert EU

Denial of Service on Bind [1] (CERT-EU Security Advisory 2012-0122)

A nameserver can be locked up if it can be induced to load a specially crafted combination of resource records.
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0120)

CERT-EU has received notification from Microsoft on a number of new security updates which have been released on October 09, 2012.
Author: Cert EU

Security Updates Available for Adobe Flash Player (CERT-EU Security Advisory 2012-0119)

Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier versions for Linux,...
Author: Cert EU

Revocation of Adobe Code Signing Certificate (CERT-EU Security Advisory 2012-0118)

Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new...
Author: Cert EU

JBoss Enterprise Data Services Platform 5.3.0 update (CERT-EU Security Advisory 2012-0117)

JBoss Enterprise Data Services Platform 5.3.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
Author: Cert EU

JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update (CERT-EU Security Advisory 2012-0116)

An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that fixes one security issue is now available from the Red Hat Customer Portal.
Author: Cert EU

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (CERT-EU Security Advisory 2012-0115)

Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the...
Author: Cert EU

UPDATED - Internet Explorer Zero-Day Exploits Available - MS12-063 (CERT-EU Security Advisory 2012-0114)

There appears to have been an exploit detected that affects fully patched versions of Microsoft Internet Explorer versions 6 through 9, and allows downloading and running arbitrary executables.
Author: Cert EU

Information security events