Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module (CERT-EU Security Advisory 2012-0039)

These issues allow remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.
Author: Cert EU

Mozilla Firefox/Thunderbird/SeaMonkey are prone to a Memory Corruption Vulnerability (CERT-EU Security Advisory 2012-0038)

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Multiple unspecified vulnerabilities in the...
Author: Cert EU

Mozilla Firefox/Thunderbird/SeaMonkey are prone to an Information Disclosure Vulnerability (CERT-EU Security Advisory 2012-0037)

An attacker can exploit this issue to disclose certain data from the user's memory. Information obtained may aid in further attacks.
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0036)

CERT-EU has received notification from Microsoft of a number of new security updates, which were released on 13 March 2012.
Author: Cert EU

JBOSS Security Updates (CERT-EU Security Advisory 2012-0035)

JBoss Enterprise SOA Platform 5.2.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
Author: Cert EU

OpenSSL Security Update (CERT-EU Security Advisory 2012-0034)

OpenSSL has issued a security update for the CMS and S/MIME Bleichenbacher attack (CVE-2012-0884).
Author: Cert EU

VMware ESXi and ESX updates to third party libraries and ESX Service Console (CERT-EU Security Advisory 2012-0033)

VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE.
Author: Cert EU

VMware vCenter Chargeback Manager Information Leak and Denial of Service (CERT-EU Security Advisory 2012-0032)

The vCenter Chargeback Manager contains a vulnerability that allows information leakage and denial-of-service.
Author: Cert EU

Adobe Flash Player - Multiple Vulnerabilities (CERT-EU Security Advisory 2012-0019: Update 1)

Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5...
Author: Cert EU

RSA SecurID Software Token Converter buffer overflow vulnerability (CERT-EU Security Advisory 2012-0031)

CVE-2012-0397 Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.[1][2]
Author: Cert EU

Vulnerabilities in Adobe Flash Player (CERT-EU Security Advisory 2012-0030)

CVE-2012-0768 and CVE-2012-0769. This vulnerability is currently undergoing analysis and not all information is available. Adobe has rated this incident as Priority 2 Critical.
Author: Cert EU

Kelihos Botnet is Back and Active (CERT-EU Security Advisory 2012-0029)

In September 2011, Microsoft announced the takedown of the Kelihos botnet [1]. In the beginning of 2012, Kaspersky found a new version of Kelihos in the wild [2]. Kelihos (also known as Hlux) is a spambot with the capability to steal credentials...
Author: Cert EU

Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities (CERT-EU Security Advisory 2012-0028)

CVSS Base Scores. CVE-2012-0330: Error while processing malformed SIP message. CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]
Author: Cert EU

Multiple Vulnerabilities in Cisco Unity Connection (CERT-EU Security Advisory 2012-0027)

CVSS Base Scores. CVE-2012-0366: Privilege Escalation Vulnerability. CVSS v2 Base Score: 9.0 (CRITICAL) (AV:N/AC:L/Au:S/C:C/I:C/A:C) [3]
Author: Cert EU

Unified Communications Manager Skinny Client Control Protocol Vulnerabilities (CERT-EU Security Advisory 2012-0026)

CVSS Base Scores. CVE-2011-4486: SCCP Registration may Cause Reload. CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]
Author: Cert EU

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (CERT-EU Security Advisory 2012-0025)

CVSS Base Scores. CVE-2012-0368: HTTP Denial of Service Vulnerability. CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]
Author: Cert EU

Cisco Cius Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0024)

Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding (DoS).
Author: Cert EU

Remote code execution vulnerability in smbd (CERT-EU Security Advisory 2012-0023)

An input validation flaw in Samba could allow a remote attacker to execute arbitrary code with the privileges of the Samba server (root). CVE-2012-0870
Author: Cert EU

Cisco Small Business SRP 500 Series Multiple Vulnerabilities (CERT-EU Security Advisory 2012-0022)

Several vulnerabilities have been fixed in Cisco Small Business (SRP 500) Series Services Ready Platforms.
Author: Cert EU

Linux Kernel NFS Implementation. Local Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0021)

The NFS implementation in the Linux kernel is prone to a local denial-of-service vulnerability due to null-pointer dereference error. CVE-2011-4325
Author: Cert EU

Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0020)

Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a...
Author: Cert EU

Adobe Flash Player - Multiple Vulnerabilities (CERT-EU Security Advisory 2012-0019)

Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5...
Author: Cert EU

Oracle Java SE Critical Patch Update (CERT-EU Security Advisory 2012-0018)

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security...
Author: Cert EU

Adobe Shockwave Player - remote code execution vulnerability (CERT-EU Security Advisory 2012-0017)

Adobe reported vulnerabilities in their Shockwave Players that could allow an attacker to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions to update to Adobe Shockwave...
Author: Cert EU

PHP5 Arbitrary Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0015)

The PHP development team announced the immediate availability of PHP 5.3.10. This release delivers a critical security fix. This release fixes the arbitrary remote code execution vulnerability CVE-2012-0830.
Author: Cert EU

Information security events