Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Multiple vulnerabilities in JBoss Operations Network (CERT-EU Security Advisory 2012-0014)

Red Hat has released fixes to JBoss Operations Network (JBoss ON), a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The Red Hat...
Author: Cert EU

Denial of Service Vulnerability in Oracle WebLogic Server, Application Server (OC4J) and iPlanet Web Server (CERT-EU Security Advisory 2012-0013)

Oracle has released a security advisory about a denial of service vulnerability in Oracle WebLogic Server, Oracle Application Server (OC4J) and Oracle iPlanet Web Server due to hashing collisions. No authentication is required to exploit this...
Author: Cert EU

Multiple vulnerabilities in JBoss Web server (CERT-EU Security Advisory 2012-0012)

Red Hat has released fixes to JBoss Communications Platform and JBoss Web, the web container of JBoss Enterprise Application Platform. These vulnerabilities can allow remote attackers to access sensitive information or cause a denial of service.
Author: Cert EU

Multiple vulnerabilities in Apache HTTP server (CERT-EU Security Advisory 2012-0011)

The Apache Software Foundation has released a new version of the Apache HTTP server that fixes multiple vulnerabilities. These vulnerabilities can allow remote attackers to access sensitive information, cause a denial of service or allow local users...
Author: Cert EU

Multiple vulnerabilities in VMware ESXi and ESX (CERT-EU Security Advisory 2012-0010)

VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.
Author: Cert EU

Sudo format string vulnerability (CERT-EU Security Advisory 2012-0009)

A flaw exists in the debugging code in sudo versions 1.8.0 through 1.8.3p1 that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges to root.
Author: Cert EU

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0008)

Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.
Author: Cert EU

Vulnerability in OpenSSL in DTLS applications (CERT-EU Security Advisory 2012-0006)

OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Author: Cert EU

Adobe Acrobat and Reader U3D Memory Corruption Vulnerability (Security Advisory 2011-0026)

Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability.
Author: Cert EU

Multiple vulnerabilities in .NET Framework including critical Elevation of Privilege flaw (CERT-EU Security Advisory 2011-0033)

Microsoft has released an out-of-band security update [1] that resolves one publicly disclosed vulnerability [2] and three privately reported vulnerabilities in Microsoft .NET Framework.
Author: Cert EU

Vulnerabilities in Cisco IP Video Phone E20 and Digital Media Manager (CERT-EU Security Advisory 2012-0005)

Cisco IP Video Phone E20 Default Root Account: Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device.
Author: Cert EU

Remote Security Vulnerability in Oracle Sun Solaris (CERT-EU Security Advisory 2012-0004)

Oracle Sun Solaris is prone to a remote security vulnerability. Fixes are available.
Author: Cert EU

Multiple vulnerabilities in Apache Tomcat (CERT-EU Security Advisory 2012-0003)

The Apache Tomcat security team disclosed two vulnerabilities in their product. Fixes are available. The vulnerabilities allow unauthorized disclosure of information and disruption of service.
Author: Cert EU

Multiple vulnerabilities in OpenSSL (CERT-EU Security Advisory 2012-0002)

The OpenSSL project disclosed various vulnerabilities in their product.
Author: Cert EU

Security updates available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0001).

These updates address critical vulnerabilities (CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373) in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and...
Author: Cert EU

Multiple vulnerabilities on Mozilla Firefox / Thunderbird / SeaMonkey (CERT-EU Security Advisory 2011-0032)

Multiple vulnerabilities have been found in Mozilla Firefox / Thunderbird. A fix is available.
Author: Cert EU

Multiple vulnerabilities on JBoss Enterprise Portal Platform (CERT-EU Security Advisory 2011-0031)

Multiple vulnerabilities have been found in JBoss Enterprise Portal Platform. A patch is available.
Author: Cert EU

RSA SecurID Software Token DLL Loading Arbitrary Code Execution (CERT-EU Security Advisory 2011-0030)

RSA SecurID Software Token is prone to a vulnerability that lets attackers execute arbitrary code. This vulnerability may be exploited to load arbitrary libraries by tricking a user into opening a Software Token file located on a compromised or...
Author: Cert EU

Mozilla Firefox/Thunderbird/SeaMonkey information disclosure vulnerability (Security Advisory 2011-0028)

Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 are prone to an information disclosure vulnerability, exploitable by a remote attacker to obtain information from the browser history.[1] Updated versions are available.[3]
Author: Cert EU

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 (Security Advisory 2011-0027)

Adobe Flash Player 11.1.102.55 on Windows and Mac OS X is prone to remote attacks by execution of arbitrary code via a crafted SWF file.
Author: Cert EU

JBoss Application Server Administrative Console Cross-Site Scripting (Security Advisory 2011-0025)

JBoss Application Server console is prone to a cross-site scripting vulnerability while handling DOM objects; fixes are available.
Author: Cert EU

JBoss AS Administration Cross Site Request Forgery Vulnerability (Security Advisory 2011-0024)

JBoss AS is prone to a cross-site request-forgery vulnerability; fixes are available.
Author: Cert EU

HP Printers and Digital Senders Remote Security Bypass Vulnerability (Security Advisory 2011-0023)

HP Printers and Digital Senders are prone to a security-bypass vulnerability leading to the installation of malicious firmware.
Author: Cert EU

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability (CERT-EU Security Advisory 2011-0022)

Apache HTTP Server is prone to a security-bypass vulnerability.
Author: Cert EU

Multiple Linux Kernel Vulnerabilities (CERT-EU Security Advisory 2011-0021)

Linux kernel is prone to multiple 'hardlink' stack-based buffer-overflow vulnerabilities and multiple integer-overflow vulnerabilities because of a failure to properly bounds check user-supplied input. Specifically, hardlink fails to properly...
Author: Cert EU