Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

OpenSSL Security Advisory - Invalid TLS/DTLS record attack (CERT-EU Security Advisory 2012-0064)

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack or arbitrary code execution on both clients and servers.[1,3]
Author: Cert EU

Multiple vulnerabilities in Adobe Shockwave Player (CERT-EU Security Advisory 2012-0063)

Adobe released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities (memory corruption) that could allow an attacker who successfully exploits these...
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0062)

CERT-EU has received notification from Microsoft of a number of new security updates which were released on 8 May 2012.
Author: Cert EU

Remote code-execution vulnerability in Adobe Flash Player (CERT-EU Security Advisory 2012-0061)

Adobe released security updates for Adobe Flash Player. These updates address an object confusion vulnerability (CVE-2012-0779)[2] that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Author: Cert EU

PHP Remote-Code Execution Vulnerability in Certain CGI-based Setups [1,2] (CERT-EU Security Advisory 2012-0060)

There is a vulnerability in certain CGI-based setups that has gone unnoticed for at least 8 years (!) [1,2]. Some systems support a method for supplying an array of strings to the CGI script. This is only used in the case of an 'indexed' query.
Author: Cert EU

Unpatched vulnerability in TNS Listener service on Oracle-UPDATED (CERT-EU Security Advisory 2012-0058)

The bug, which Oracle reported as fixed in the most recent Critical Patch Update [2,5], is only fixed in upcoming versions of the database, not in currently shipping releases, and there is publicly available proof-of-concept exploit code...
Author: Cert EU

Vulnerability in the Oracle Grid Engine component of Oracle Sun Products Suite (CERT-EU Security Advisory 2012-0059)

Two critical vulnerabilities have been identified in the Oracle Grid Engine component of Oracle Sun Products Suite.
Author: Cert EU

VMware ESX updates to ESX Service Console (CERT-EU Security Advisory 2012-0057)

VMware has released a patch to the ESX Service Console Operating System (COS) kernel which addresses several security issues in the COS kernel. The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions...
Author: Cert EU

OpenSSL Security Advisory - ASN1 BIO vulnerability (CERT-EU Security Advisory 2012-0056)

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Incorrect integer conversions in OpenSSL can result in memory corruption.
Author: Cert EU

Oracle Critical Patch Update - April 2012 (CERT-EU Security Advisory 2012-0055)

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security...
Author: Cert EU

Privilege escalation vulnerability in VMWare products (CERT-EU Security Advisory 2012-0054)

VMware has released a patch to fix a privilege escalation issue in the hosted products and ESXi/ESX. The vulnerability may lead to unauthorised access in the targeted Virtual Machines (guest) or cause a denial of service.
Author: Cert EU

Remote code execution in Samba (CERT-EU Security Advisory 2012-0053)

Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection.
Author: Cert EU

Multiple vulnerabilities in Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0052)

Adobe has released a patch for several vulnerabilities found in the Adobe Reader and Acrobat product. These vulnerabilities may lead to unauthorised access to the targeted system or cause a denial of service (memory corruption). The vendor has...
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0051)

CERT-EU has received notification from Microsoft of a number of new security updates which were released on 10 April 2012.
Author: Cert EU

Buffer Overflow Vulnerabilities in the Cisco WebEx Player (CERT-EU Security Advisory 2012-0050)

The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. Successful exploitation of the vulnerabilities could cause the Cisco WRF player application to crash and, in some cases, allow a remote attacker to...
Author: Cert EU

Title: JBoss Enterprise BRMS Platform 5.2.0 update (CERT-EU Security Advisory 2012-0049)

JBoss Enterprise BRMS Platform 5.2.0 roll up patch 1, which fixes two security issues, various bugs:
Author: Cert EU

Memory corruption vulnerability in libpng (CERT-EU Security Advisory 2012-0048)

libpng through 1.5.9, 1.4.10, 1.2.48, and 1.0.58 are vulnerable to memory corruption that can lead to remote arbitrary code execution and denial of service. This vulnerability impacts Linux, Windows and Mac OS platforms.
Author: Cert EU

Multiple vulnerabilities in VMWare ESX [1] (CERT-EU Security Advisory 2012-0047)

VMware ESXi and ESX address several security issues: VMware ROM Overwrite Privilege Escalation; ESX third party update for Service Console kernel; ESX third party update for Service Console krb5 RPM. These vulnerabilities may lead to...
Author: Cert EU

Multiple vulnerabilities in Adobe Flash Player (CERT-EU Security Advisory 2012-0046)

Adobe has released a patch for two vulnerabilities found in the Flash Player product. This update resolves: a memory corruption vulnerability related to URL security domain checking that could lead to code execution (ActiveX, Windows 7 or...
Author: Cert EU

JBOSS Security Updates (CERT-EU Security Advisory 2012-0045)

An update for JBoss Operations Network 2.4.2 that fixes one security issue is now available from the Red Hat Customer Portal.
Author: Cert EU

Multiple vulnerabilities in Mozilla Thunderbird and Firefox (CERT-EU Security Advisory 2012-0044)

Several vulnerabilities have been detected in Mozilla products; some of these have been covered by previous CERT-EU advisories already, but are mentioned here again for the sake of completeness.
Author: Cert EU

VMware issues Security Advisories & Certifications (Reference: CERT-EU Security Advisory 2012-0043)

VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues.
Author: Cert EU

VMware View privilege escalation and cross-site scripting (Reference: CERT-EU Security Advisory 2012-0042)

a. VMware Virtual Desktop Display Driver Privilege Escalation. Exploitation of these issues may lead to local privilege escalation on View virtual desktops. b. View Manager Portal Cross-site Scripting. The attacker can trigger this vulnerability...
Author: Cert EU

Multiple Vulnerabilities in Cisco ASA 5500 S and Cisco Catalyst 6500 (CERT-EU Security Advisory 2012-0041)

The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Author: Cert EU

Denial of Service Vulnerability in Cisco Firewall (CERT-EU Security Advisory 2012-0040)

When multicast routing is enabled, these devices allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367.
Author: Cert EU

Information security events