Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Linux Kernel - Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2011-0019)

The Linux kernel is prone to a remote denial-of-service vulnerability. Specifically, this issue occurs when using certain network drivers for handling VLAN 0 frames with the priority tag set. Attackers can remotely exploit this issue by sending...
Author: Cert EU

Linux Kernel - Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2011-0018)

The Linux kernel is prone to a remote denial-of-service vulnerability. To exploit this issue, attackers can use readily available network utilities.
Author: Cert EU

Microsoft Windows Kernel Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0017)

Microsoft Windows is prone to a remote code-execution vulnerability. A commercial exploit is available for CORE IMPACT; urgency raised.
Author: Cert EU

Oracle Java Remote Java Runtime Environment (CERT-EU Security Advisory 2011-0016)

Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. A commercial exploit is available through VUPEN Security; urgency raised.
Author: Cert EU

ISC BIND 9 Recursive Queries Remote DoS (CERT-EU Security Advisory 2011-0015)

ISC BIND is prone to a remote denial-of-service vulnerability.
Author: Cert EU

Adobe Acrobat and Reader - Multiple Vulnerabilities (CERT-EU Security Advisory 2011-0014)

Critical vulnerabilities have been identified in Adobe Acrobat and Reader.
Author: Cert EU

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0013)

Author: Cert EU

Adobe Flash Player - Multiple Vulnerabilities (CERT-EU Security Advisory 2011-0012)

Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. [1]
Author: Cert EU

Mozilla Firefox and Thunderbird 'loadSubScript()' Security Bypass (CERT-EU Security Advisory 2011-0011)

Mozilla Firefox and Thunderbird are prone to a security-bypass vulnerability [1]. This issue occurs because installed add-ons fail to properly use 'XPCNativeWrappers' in the 'loadSubScript()' function.
Author: Cert EU

Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability (CERT-EU Security Advisory 2011-0010)

Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability, CVE-2011-3648 (Candidate). Exploits are available. Fixes are available.
Author: Cert EU

Multiple vulnerabilities on Adobe Shockwave Player (CERT-EU Security Advisory 2011-0009)

Adobe Shockwave Player is prone to several memory corruption vulnerabilities [1] leading to arbitrary code execution.
Author: Cert EU

Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability (CERT-EU Security Advisory 2011-0008)

Oracle is prone to a buffer overflow discovered in 2007 which remains unpatched [1][2]. Exploit code has become available [3], which raises the criticality of the advisory.
Author: Cert EU

Potential DoS threat against SSL/TLS servers (CERT-EU Security Advisory 2011-0007)

A hacker group has released a tool [1] that can perform denial of service attacks against SSL based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very low resources at the client side, a...
Author: Cert EU

Vulnerability on Apache HTTP server with mod_proxy exposes internal networks (CERT-EU Security Advisory 2011-0006)

A vulnerability [1] has been released on the Apache HTTP server in reverse-proxy mode. The vulnerability impacts httpd 1.3 all versions and httpd 2.x all versions using mod_proxy with certain configurations of RewriteRule or ProxyPassMatch....
Author: Cert EU

Background information about the recent "BEAST attack on SSL / TLS" (CERT-EU Security Advisory 2011-0005)

Two security researchers demonstrated [1] an attack against encrypted SSL and TLS "cookies", which sometimes store credentials (for example, Google or Facebook) to keep a user logged in. The attack received a lot of media attention. This advisory...
Author: Cert EU

Adobe emergency patch for multiple Flash Player vulnerabilities (CERT-EU Security Advisory 2011-0004)

Adobe announced [1] the availability of a patch for multiple critical vulnerabilities found in Flash Player.
Author: Cert EU

Oracle emergency patch for Apache HTTPD DoS vulnerability (CERT-EU Security Advisory 2011-0003)

Oracle announced [1] the availability of a patch for a denial of service vulnerability in Apache HTTPD.
Author: Cert EU