jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Web Cache Poisoning Vulnerabilities - (CERT-EU Security Advisory 2019-001)

Web cache poisoning has long been considered a _theoretical_ threat. However, already published research describes practical examples of this type of attack. Also, recently there have been documented cases of observing exploitation of these types...
Auteur: Cert EU

BLEEDINGBIT - Vulnerabilities Affecting Enterprise WiFi Devices (CERT-EU Security Advisory 2018-028)

Security researchers disclosed details about two critical vulnerabilities related to the use of BLE (Bluetooth Low Energy) chips made by Texas Instruments (TI). The vulnerable BLE chips are embedded in WiFi network equipment from Cisco, Meraki...
Auteur: Cert EU

Multiple Vulnerabilities in Oracle Products (CERT-EU Security Advisory 2018-027)

On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among...
Auteur: Cert EU

Vulnerabilities in PHP (CERT-EU Security Advisory 2018-026)

On 11th of October 2018, several vulnerabilities have been fixed in PHP, a programming language designed for web applications. According to the Center for Internet Security, these vulnerabilities allow an adversary to perform an arbitrary code...
Auteur: Cert EU

Cisco Webex Player Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2018-025)

On 19th of September 2018, Cisco published a security advisory concerning Remote Code Execution Vulnerabilities. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code on an affected device. The vulnerabilities...
Auteur: Cert EU

Windows Task Scheduler – Privileges Escalation Vulnerability (CERT-EU Security Advisory 2018-024)

On August 27th, a tweet from a researcher with a nick SandboxEscaper announced an unpatched local privileges escalation vulnerability in Windows. This flaw is affecting the way Task Scheduler uses Advanced Local Procedure Call (ALPC) to read and...
Auteur: Cert EU

Major Vulnerability in Ghostscript (CERT-EU Security Advisory 2018-023)

Ghostscript -- an interpreter for PostScript and PDF -- is affected by a major vulnerability. There is currently no patch available, but some workarounds are possible.
Auteur: Cert EU

Apache Struts -- Critical Remote Code Execution Vulnerability (CERT-EU Security Advisory 2018-022)

Semmle researchers discovered and disclosed a critical remote code execution vulnerability (CVE-2018-11776) in the Apache Struts web application framework. That flaw could allow remote attackers to run malicious code on the affected servers.
Auteur: Cert EU

Speculative Execution Attack on Intel Processors (CERT-EU Security Advisory 2018-020)

In January 2018, two separate teams discovered flaws in Intel processor allowing speculative execution attacks and notified Intel of their researches. On 14th of August 2018, the vulnerabilities were disclosed publicly under the name Foreshadow....
Auteur: Cert EU

Critical Vulnerabilities in Adobe Acrobat and Reader (CERT-EU Security Advisory 2018-021)

On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the...
Auteur: Cert EU

New attack on WPA/WPA2 using PMKID (CERT-EU Security Advisory 2018-019)

On August 4th the researcher Jens Steube published on his website a new method to get a hash which involves the Pre-Shared Key (PSK) of a wifi access point. A successful exploitation of the technique allows an attacker to retrieve the PSK.
Auteur: Cert EU

WebLogic Vulnerability Exploited In The Wild (CERT-EU Security Advisory 2018-018)

Recently Oracle released patches for vulnerability CVE-2018-2893. This vulnerability allows an unauthenticated attacker to compromise Oracle WebLogic Server. Exploits were published on GitHub and on other websites after the announcement of the...
Auteur: Cert EU

Juniper JunOS Multiple Vulnerabilities (CERT-EU Security Advisory 2018-017)

On the 12th of July 2018, Juniper has released updates to address several vulnerabilities affecting JunOS products. A remote attacker can exploit those vulnerabilities in order to trigger privilege escalation, denial of service, firewall rule...
Auteur: Cert EU

Signature Spoofing Vulnerability in GnuPG (CERT-EU Security Advisory 2018-016)

On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGtools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote...
Auteur: Cert EU

Critical Vulnerabilities in Adobe Acrobat, Reader and Photoshop CC (CERT-EU Security Advisory 2018-015)

Adobe has released Adobe Security Bulletins APSB18-09 and APSB18-17 providing security updates for Adobe Acrobat, Reader and Adobe Photoshop CC for Windows and MacOS. These updates address critical and important vulnerabilities, which successful...
Auteur: Cert EU

Vulnerabilities in OpenPGP and S/MIME Client Implementations (CERT-EU Security Advisory 2018-014)

On 14th of May 2018, security researchers released technical details concerning vulnerabilities impacting OpenPGP and S/MIME encryption technologies. These vulnerabilities abuse e-mail clients rendering HTML content when displaying e-mails to...
Auteur: Cert EU

Cisco WebEx ARF Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2018-013)

On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical) in the various Cisco WebEx Players. The players are used to play back WebEx meeting recordings that...
Auteur: Cert EU

Drupal Core - Remote Code Execution (CERT-EU Security Advisory 2018-012)

Drupal is a content management system often used for Enterprise Content Management Projects. A remote code execution vulnerability (CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x. This allows attackers to exploit multiple...
Auteur: Cert EU

Cisco Products Multiple Vulnerabilities (CERT-EU Security Advisory 2018-011)

On the 17th and 18th of April 2018, Cisco has released several updates to address vulnerabilities affecting multiple products in which a remote attacker can exploit these vulnerabilities to trigger cross site scripting, denial of service, remote...
Auteur: Cert EU

Critical Vulnerability in Sophos Mobile and Sophos Mobile Control (CERT-EU Security Advisory 2018-010)

On 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of...
Auteur: Cert EU

UPDATE Cisco Smart Install Protocol Remote Code Execution Vulnerability (CERT-EU Security Advisory 2018-009)

On 28th of March 2018, Cisco published a security advisory concerning a buffer overflow discovered in Smart Install feature of Cisco IOS and Cisco IOS XE software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary...
Auteur: Cert EU

Drupal Core – Remote Code Execution (CERT-EU Security Advisory 2018-008)

Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated as Highly Critical with a score of 21/25 based on the NIST Common Misuse Scoring System. A remote code execution vulnerability...
Auteur: Cert EU

Unauthorized Personal Data Sharing (CERT-EU Security Advisory 2018-007)

CERT-EU has recently observed the usage of software tools and components that might lead to unauthorized personal data leakage. These components are often available in the form of browser extensions or plugins, or e-mail clients plugins. Examples...
Auteur: Cert EU

Remote Code Execution Vulnerability in Exim (CERT-EU Security Advisory 2018-006)

On February 05, 2018, Devcore Security Consulting discovered a buffer overflow vulnerability in the base64 decode function of Exim message transfer agent. On March 06, 2018, Exim released a security advisory about the issue, confirming potential...
Auteur: Cert EU

UPDATE Critical Vulnerability in Adobe Flash Player (CERT-EU Security Advisory 2018-005)

On January 31, 2018, KrCERT/CC released a security alert regarding a vulnerability in Adobe Flash Player. Regarding this issue, Adobe Systems has also released a security advisory about the vulnerability (CVE-2018-4878). According to Adobe, the...
Auteur: Cert EU
12345678910Last

Événements SSI