Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Lotus Mobile Connect - Cross Site Scripting Vulnerability 9 (CERT-EU Security Advisory 2011-0020)

IBM Lotus Mobile Connect is prone to a cross-site scripting vulnerability. Fixes are available. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Author: Cert EU

Linux Kernel - Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2011-0019)

The Linux kernel is prone to a remote denial-of-service vulnerability. Specifically, this issue occurs when using certain network drivers for handling VLAN 0 frames with the priority tag set. Attackers can remotely exploit this issue by sending...
Author: Cert EU

Linux Kernel - Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2011-0018)

The Linux kernel is prone to a remote denial-of-service vulnerability. To exploit this issue, attackers can use readily available network utilities.
Author: Cert EU

Microsoft Windows Kernel Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0017)

Microsoft Windows is prone to a remote code-execution vulnerability. A commercial exploit is available for CORE IMPACT; urgency raised.
Author: Cert EU

Oracle Java Remote Java Runtime Environment (CERT-EU Security Advisory 2011-0016)

Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. A commercial exploit is available through VUPEN Security; urgency raised.
Author: Cert EU

ISC BIND 9 Recursive Queries Remote DoS (CERT-EU Security Advisory 2011-0015)

ISC BIND is prone to a remote denial-of-service vulnerability.
Author: Cert EU

Adobe Acrobat and Reader - Multiple Vulnerabilities (CERT-EU Security Advisory 2011-0014)

Critical vulnerabilities have been identified in Adobe Acrobat and Reader.
Author: Cert EU

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0013)

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0013)
Author: Cert EU

Adobe Flash Player - Multiple Vulnerabilities (CERT-EU Security Advisory 2011-0012)

Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. [1]
Author: Cert EU

Mozilla Firefox and Thunderbird 'loadSubScript()' Security Bypass (CERT-EU Security Advisory 2011-0011)

Mozilla Firefox and Thunderbird are prone to a security-bypass vulnerability [1]. This issue occurs because installed add-ons fail to properly use 'XPCNativeWrappers' in the 'loadSubScript()' function.
Author: Cert EU

Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability (CERT-EU Security Advisory 2011-0010)

Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability, CVE-2011-3648 (Candidate). Exploits are available. Fixes are available.
Author: Cert EU

Multiple vulnerabilities on Adobe Shockwave Player (CERT-EU Security Advisory 2011-0009)

Adobe Shockwave Player is prone to several memory corruption vulnerabilities [1] leading to arbitrary code execution.
Author: Cert EU

Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability (CERT-EU Security Advisory 2011-0008)

Oracle is prone to a buffer overflow discovered in 2007 which remains unpatched [1][2]. Exploit code has become available [3], which raises the criticality of the advisory.
Author: Cert EU

Potential DoS threat against SSL/TLS servers (CERT-EU Security Advisory 2011-0007)

A hacker group has released a tool [1] that can perform denial of service attacks against SSL based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very low resources at the client side, a...
Author: Cert EU

Vulnerability on Apache HTTP server with mod_proxy exposes internal networks (CERT-EU Security Advisory 2011-0006)

A vulnerability [1] has been released on the Apache HTTP server in reverse-proxy mode. The vulnerability impacts httpd 1.3 all versions and httpd 2.x all versions using the mod_proxy with certain configuration of RewriteRule or ProxyPassMatch....
Author: Cert EU

Background information about the recent "BEAST attack on SSL / TLS" (CERT-EU Security Advisory 2011-0005)

Two security researchers demonstrated[1] an attack against encrypted SSL and TLS "cookies", which sometimes store credentials (for example, Google or Facebook) to keep a user logged in. The attack received a lot of media attention. This advisory...
Author: Cert EU

Adobe emergency patch for multiple Flash Player vulnerabilities (CERT-EU Security Advisory 2011-0004)

Adobe announced [1] the availability of a patch for multiple critical vulnerabilities found in Flash Player.
Author: Cert EU

Oracle emergency patch for Apache HTTPD DoS vulnerability (CERT-EU Security Advisory 2011-0003)

Oracle announced [1] the availability of a patch for a denial of service vulnerability in Apache HTTPD.
Author: Cert EU

Information security events