Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Critical Vulnerability in VMWare Products (CERT-EU Security Advisory 2020-015)

On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised...
Auteur: Cert EU

SMBv3 - Critical Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-014)

On the 10th of March 2020, Microsoft released a security advisory for a remote code execution vulnerability affecting Microsoft Server Message Block 3.1.1 (SMBv3) protocol. An "unauthenticated" attacker who successfully exploited the...
Auteur: Cert EU

Critical PPP Daemon Vulnerability (CERT-EU Security Advisory 2020-013)

A new dangerous (and 17 years old!) remote code execution vulnerability has been discovered by Ilja Van Sprundel from IOActive. It affects the PPP daemon ("pppd") software that comes installed on almost all Linux-based operating systems and...
Auteur: Cert EU

Cisco Webex Players Vulnerabilities (CERT-EU Security Advisory 2020-012)

High serverity vulnerabilities were patched in Cisco Webex video conferencing platform. In particular they affect Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows. If exploited, these could...
Auteur: Cert EU

Multiple XSS Vulnerabilities in Wordpress Plugins (CERT-EU Security Advisory 2020-011)

Several cross-site scripting (XSS) vulnerabilities were fond in popular WordPress plugins. Some of them could give attackers complete control of sites. It is to be mentioned that this year we have already observed other vulnerabilities in...
Auteur: Cert EU

Microsoft Exchange Server - Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-010)

Microsoft released a fix for a remote code execution vulnerability in Microsoft Exchange (CVE-2020-0688). The vulnerability exists because Exchange fails to create unique cryptographic keys at installation time, leading to all Exchange servers...
Auteur: Cert EU

Critical Vulnerability in ThemeGrill Demo Importer Wordpress Plugin (CERT-EU Security Advisory 2020-009)

A critical vulnerability affecting the ThemeGrill Demo Importer plugin has been identified. Theme Grill Demo Importer is a plugin that can be used to import ThemeGrill official themes demo content, widgets and theme settings. The plugin is...
Auteur: Cert EU

WordPress Profile Builder Plugin Critical Vulnerability (CERT-EU Security Advisory 2020-008)

A critical vulnerability affecting the WordPress Profile Builder Plugin has been identified. Profile Builder is a plugin designed to create custom forms that allow users to register, edit their profile, etc. The plugin is affected by a broken...
Auteur: Cert EU

Vulnerabilities in WordPress GDPR Cookie Consent Plugin (CERT-EU Security Advisory 2020-007)

Critical vulnerabilities affecting the WordPress GDPR Cookie Consent plugin have been identified. This plugin is used to make websites GDPR compliant. The vulnerability was reported by the security researcher Jerome Bruandet from NinTechNet. The...
Auteur: Cert EU

Internet Explorer Zero-Day Vulnerability (CERT-EU Security Advisory 2020-006)

Microsoft released an advisory notifying about a remote code execution (RCE) vulnerability existing in the scripting engine of Internet Explorer (IE). The vulnerability allows an attacker to corrupt the memory of the IE and execute code with the...
Auteur: Cert EU

Critical Vulnerabilities in WordPress Plugins (CERT-EU Security Advisory 2020-005)

Critical vulnerabilities that are affecting two WordPress plugins have been identified. The vulnerabilities affect InfiniteWP Client and the WP Time Capsule plugins and allow a remote attacker to login into an administrator account without password.
Auteur: Cert EU

Critical Vulnerabilities in Multiple Oracle Products (CERT-EU Security Advisory 2020-004)

Oracle has published an advisory about hundreds of critical vulnerabilities that are affecting several of its products. Many of the vulnerabilities can be remotely exploited without authentication and without user interaction. Expedient patching...
Auteur: Cert EU

Critical Vulnerabilities in Microsoft Windows (CERT-EU Security Advisory 2020-003)

Several critical vulnerabilities affecting Microsoft Windows were patched on 14th of January 2020, as part of the regular patch Tuesday. Some the vulnerabilities are quite critical, so it is extremely important to apply the patches as soon as...
Auteur: Cert EU

Critical Vulnerability in Citrix Products (CERT-EU Security Advisory 2020-002)

A critical vulnerability affecting Citrix products has been been disclosed in December 2019. The vulnerability, identified as CVE-2019-19781, could allow an attacker to get access to the internal network without requiring authentication. Numerous...
Auteur: Cert EU

Critical Vulnerability in Mozilla Firefox (CERT-EU Security Advisory 2020-001)

A critical vulnerability affecting Mozilla Firefox has been been disclosed. The vulnerability identified as CVE-2019-17026 allows attackers to write to and read from memory locations that are off-limits, and could lead to information disclosures,...
Auteur: Cert EU

Detecting and Preventing Emotet 2019 Campaign (CERT-EU Security Advisory 2019-021)

Since beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the known Command-and-Control (CnC) servers started responding again. Since September 16th, 2019, CERT-EU has...
Auteur: Cert EU

Simjacker Vulnerability Impacting up to 1 Billion Phone Users (CERT-EU Security Advisory 2019-020)

AdaptiveMobile Security have uncovered a new and previously undetected vulnerability and associated exploits, called Simjacker. This vulnerability is currently being actively exploited. The main Simjacker attack involves an SMS containing a...
Auteur: Cert EU

Critical Exim TLS Vulnerability (CERT-EU Security Advisory 2019-019)

Exim Mail Transfer Agent (MTA) servers are exposed to a security vulnerability, which can grant attackers the ability to run malicious code with root privileges. This vulnerability has been assigned the number CVE-2019-15846. The vulnerability is...
Auteur: Cert EU

Cisco Critical Vulnerability Affecting IOS XE Software (CERT-EU Security Advisory 2019-018)

A major vulnerability affecting CISCO IOS XE operating system has been disclosed. The vulnerability identified as CVE-2019-12643 allows a remote user to bypass authentication and gain full control of the device that is running an outdated version...
Auteur: Cert EU

Vulnerabilities in Popular VPNs (CERT-EU Security Advisory 2019-017)

Several vulnerabilities impacting popular VPNs (by Palo Alto, Pulse Security, and Fortinet) have been recently seen being exploited in the wild. In most severe case, the vulnerabilities allow for remote code execution. Although the...
Auteur: Cert EU

Several Vulnerabilities in JQuery (CERT-EU Security Advisory 2019-016)

A popular JavaScript framework jQuery has multiple cross-site scripting vulnerabilities. While they are not critical, due to large popularity of jQuery they may be used in many various ways, and hence it is strongly advisable to upgrade jQuery to...
Auteur: Cert EU

CSRF Vulnerability in Cisco IOS XE Software Web UI (CERT-EU Security Advisory 2019-015)

A Cross-Site Request Forgery (CSRF) vulnerability in the web user interface (web UI) of CISCO IOS XE Software was discovered. In some CISCO products, the web UI has insufficient CSRF protection. An attacker can potentially perform a CSRF...
Auteur: Cert EU

Critical Vulnerabilities in Microsoft NTLM (CERT-EU Security Advisory 2019-014)

Two critical Microsoft vulnerabilities were discovered by the research team Preempt. The vulnerabilities consist of three logical flaws in NTLM (NT Lan Manager). The vulnerabilities allow an attacker to potentially execute malicious code remotely...
Auteur: Cert EU

Remote Desktop Services -- Remote Code Execution Vulnerability (CERT-EU Security Advisory 2019-013)

Microsoft released fixes for a critical Remote Code Execution vulnerability (CVE-2019-0708) in Remote Desktop Services that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is...
Auteur: Cert EU

Thrangrycat – Critical Vulnerability Affecting Most Cisco Devices (CERT-EU Security Advisory 2019-012)

Cisco Secure Boot helps to ensure that the code that executes on Cisco hardware platforms is authentic and unmodified. The Cisco Secure Boot Hardware Tampering vulnerability (CVE-2019-1649) could allow an authenticated, local attacker to write a...
Auteur: Cert EU
12345678910Last

Événements SSI