Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Ghostscript Vulnerability

Original release date: August 21, 2018 | Last revised: August 22, 2018 NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system. NCCIC...
Author: US Cert

VU#332928: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities

Vulnerability Note VU#332928 Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities Original Release date: 21 Aug 2018 | Last revised: 27 Aug 2018 Overview Ghostscript contains multiple -dSAFER sandbox bypass...
Author: US Cert

Apache Releases Security Updates for Tomcat Native

Original release date: August 17, 2018 The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected...
Author: US Cert

Cisco Releases Security Updates

Original release date: August 15, 2018 Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users...
Author: US Cert

VU#982149: Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

Vulnerability Note VU#982149 Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF) Original Release date: 15 Aug 2018 | Last revised: 17 Aug 2018 Overview Intel...
Author: US Cert

FBI Releases Guidance on Defending Against Travel Scams

Original release date: August 14, 2018 The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with "free" vacation ploys. These offers...
Author: US Cert

VMware Releases Security Updates

Original release date: August 14, 2018 | Last revised: August 15, 2018 VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities...
Author: US Cert

Samba Releases Security Updates

Original release date: August 14, 2018 The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages...
Author: US Cert

Adobe Releases Security Updates

Original release date: August 14, 2018 Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Experience Manager, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. An attacker...
Author: US Cert

Microsoft Releases August 2018 Security Updates

Original release date: August 14, 2018 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

VU#787952: Android and iOS apps contain multiple vulnerabilities

Vulnerability Note VU#787952 Android and iOS apps contain multiple vulnerabilities Original Release date: 14 Aug 2018 | Last revised: 15 Aug 2018 Overview Android apps, including those pre-installed on some mobile devices,...
Author: US Cert

Intel Side-Channel L1TF Vulnerability

Original release date: August 14, 2018 | Last revised: August 15, 2018 Intel has released recommendations to address a side-channel vulnerability called L1 Terminal Fault (L1TF) that affects multiple Intel microprocessors. An attacker...
Author: US Cert

VU#857035: IKEv1 Main Mode vulnerable to brute force attacks

Vulnerability Note VU#857035 IKEv1 Main Mode vulnerable to brute force attacks Original Release date: 14 Aug 2018 | Last revised: 17 Aug 2018 Overview Internet Key Exchange v1 main mode is vulnerable to offline dictionary or...
Author: US Cert

VU#641765: Linux kernel IP fragment re-assembly vulnerable to denial of service

Vulnerability Note VU#641765 Linux kernel IP fragment re-assembly vulnerable to denial of service Original Release date: 14 Aug 2018 | Last revised: 20 Aug 2018 Overview The Linux kernel, versions 3.9+, IP implementation is...
Author: US Cert

Oracle Releases Security Alert

Original release date: August 13, 2018 | Last revised: August 14, 2018 Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. A remote attacker could exploit this vulnerability to take...
Author: US Cert

Back-to-School Cyber Safety

Original release date: August 10, 2018 As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and stay in...
Author: US Cert

North Korean Malicious Cyber Activity

Original release date: August 09, 2018 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S....
Author: US Cert

VU#962459: TCP implementations vulnerable to Denial of Service

Vulnerability Note VU#962459 TCP implementations vulnerable to Denial of Service Original Release date: 06 Aug 2018 | Last revised: 16 Aug 2018 Overview The Linux kernel versions 4.9+ and supported versions of FreeBSD are...
Author: US Cert

VU#307144: mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Vulnerability Note VU#307144 mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR Original Release date: 03 Aug 2018 | Last revised: 03 Aug 2018 Overview mingw-w64 produces a...
Author: US Cert

VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Vulnerability Note VU#304725 Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange Original Release date: 23 Jul 2018 | Last revised: 17 Aug 2018 Overview Bluetooth...
Author: US Cert

VU#338343: strongSwan VPN charon server vulnerable to buffer underflow

Vulnerability Note VU#338343 strongSwan VPN charon server vulnerable to buffer underflow Original Release date: 23 May 2018 | Last revised: 13 Jun 2018 Overview strongSwan VPN's charon server prior to version 5.6.3 does not...
Author: US Cert

VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

Vulnerability Note VU#180049 CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks Original Release date: 21 May 2018 | Last revised: 19 Jun 2018 Overview CPU hardware utilizing...
Author: US Cert

VU#122919: OpenPGP and S/MIME mail client vulnerabilities

Vulnerability Note VU#122919 OpenPGP and S/MIME mail client vulnerabilities Original Release date: 14 May 2018 | Last revised: 15 May 2018 Overview Mail clients may leak plaintext messages while decrypting OpenPGP and S/MIME...
Author: US Cert

VU#631579: Hardware debug exception documentation may result in unexpected behavior

Vulnerability Note VU#631579 Hardware debug exception documentation may result in unexpected behavior Original Release date: 08 May 2018 | Last revised: 06 Jun 2018 Overview In some circumstances, some operating systems or...
Author: US Cert

VU#283803: Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")

Vulnerability Note VU#283803 Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") Original Release date: 03 May 2018 | Last revised: 03 May 2018 Overview Some platforms with integrated GPUs, such...
Author: US Cert

Information security events