Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Security update available for Bind 9 (CERT-EU Security Advisory 2012-0113)

If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0112)

CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 12 September 2012.
Author: Cert EU

Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2012-0111)

CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on September 11, 2012.
Author: Cert EU

UPDATED - Oracle Java Runtime Environment Remote Code Execution Vulnerability. Fix is available from Oracle (CERT-EU Security Advisory 2012-0110)

Oracle Java Runtime Environment (JRE) is prone to a remote code execution vulnerability.
Author: Cert EU

Apache 'mod-rpaf' Module Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0109)

The Apache 'mod-rpaf' module is prone to a denial-of-service vulnerability.
Author: Cert EU

Security update available for Adobe Flash Player (CERT-EU Security Advisory 2012-0108)

Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier...
Author: Cert EU

Microsoft Excel 'MergeCells' Record Heap Overflow Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0107)

Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary...
Author: Cert EU

UPDATED - Microsoft Security Advisory 2737111 Released on July 24, 2012 (CERT-EU Security Advisory 2012-0087)

Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution.
Author: Cert EU

Microsoft has released Security Advisory 2743314 - Unencapsulated MS-CHAP v2 Could Allow Information Disclosure (CERT-EU Security Advisory 2012-0106)

Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in...
Author: Cert EU

Cisco IOS XR Software Route Processor DoS Vulnerability (CERT-EU Security Advisory 2012-0105)

Cisco IOS XR Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the route processor on an affected device to stop transmitting packets from the route processor CPU to the fabric, resulting in a...
Author: Cert EU

Multiple Cisco Nexus Devices Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0104)

Multiple Cisco Nexus devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to crash, denying service to legitimate users.
Author: Cert EU

CSRF vulnerability in JMX console as shipped with JBoss EAP 5.1.1 (CERT-EU Security Advisory 2012-0103)

The JMX console as shipped with JBoss EAP 5.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. This vulnerability allows an attacker to invoke operations on mbeans via the JMX console.
Author: Cert EU

IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control (CERT-EU Security Advisory 2012-0102)

When using the web gateway, an authenticated user is able to access other users' files without further access control if the URL of the file is known. The URL for a file contains non-guessable elements.
Author: Cert EU

Security update available for Adobe Shockwave Player (CERT-EU Security Advisory 2012-0101)

Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these...
Author: Cert EU

Security update available for Adobe Flash Player (CERT-EU Security Advisory 2012-0100)

Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow...
Author: Cert EU

Security update available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0099)

Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an...
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0098)

CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 14 August 2012.
Author: Cert EU

JBoss Enterprise SOA Platform 5.3.0 security update (CERT-EU Security Advisory 2012-0097)

An update for the JMX Console in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal.
Author: Cert EU

Oracle Security Alert for CVE-2012-3132 (CERT-EU Security Advisory 2012-0096)

This security alert addresses the security issue CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server that was recently disclosed at the Black Hat USA 2012 Briefings held in July 2012 involving INDEXTYPE CTXSYS.CONTEXT.
Author: Cert EU

Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2012-0095)

CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on August 14, 2012.
Author: Cert EU

Linux kernel netfilter: null pointer dereference in nf_ct_frag6_reasm (CERT-EU Security Advisory 2012-0094)

The Linux kernel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a kernel crash, denying service to legitimate users.
Author: Cert EU

Cisco IOS SSH2 Sessions Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0093)

Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users.
Author: Cert EU

Cisco ASA 5500 Series Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0092)

The Cisco Adaptive Security Appliance (ASA) 5500 Series is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause excessive memory consumption, resulting in a denial-of-service condition.
Author: Cert EU

Microsoft Internet Explorer Col Element Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0091)

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Author: Cert EU

Denial of Service vulnerability in ISC BIND (CERT-EU Security Advisory 2012-0090)

Some versions of ISC BIND 9, when DNSSEC validation is enabled, do not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Author: Cert EU