Friday 22 March 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Microsoft Security Updates (CERT-EU Security Advisory 2012-0083)

CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 10 July 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively.
Author: Cert EU

JBOSS security updates (CERT-EU Security Advisory 2012-0082)

Updated resteasy packages that fix one security issue are now available for several JBOSS products.
Author: Cert EU

Linux kernel epoll can leak file descriptors when returning -ELOOP (CERT-EU Security Advisory 2012-0081)

The Linux kernel is vulnerable to a denial of service caused by an error related to adding epoll file descriptors to each other in a circle.
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0080)

CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on 10 July 2012.
Author: Cert EU

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 (CERT-EU Security Advisory 2012-0079)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Author: Cert EU

Multiple Buffer Overflow Vulnerabilities in the Cisco WebEx Player (CERT-EU Security Advisory 2012-0078)

The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could...
Author: Cert EU

Linux kernel security flaw in the NFSv4 implementation (CERT-EU Security Advisory 2012-0077)

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
Author: Cert EU

Public exploit code for Internet Explorer is now widely available (CERT-EU Security Advisory 2012-0076)

The vulnerability which was patched in MS12-037 as part of the June edition of Microsoft's Patch Tuesday is being exploited in the wild.
Author: Cert EU

VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues (CERT-EU Security Advisory 2012-0075)

VMware products allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
Author: Cert EU

Jboss Security Update - JNDI: unauthenticated remote write access is permitted by default (CERT-EU Security Advisory 2012-0074)

An update that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Author: Cert EU

DNSChanger malware - decommissioning of temporary DNS servers on the 9 July 2012 (CERT-EU Security Advisory 2012-0016 - Update 2)

NEW!!! CERT-EU has recently received several alerts about connections from IP addresses within our constituency to the rogue DNS Servers listed below. It was later confirmed that, while some of these connections were genuine, other connections...
Author: Cert EU

Oracle Java SE Critical Patch Update Advisory - June 2012 (CERT-EU Security Advisory 2012-0073)

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes.
Author: Cert EU

Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2012-0072)

Adobe released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0071)

CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on 12 June 2012.
Author: Cert EU

LinkedIn password hash database leaked (CERT-EU Security Advisory 2012-0070)

LinkedIn confirmed[1] that a file containing around 65 million (unsalted) SHA1 password hashes connected to LinkedIn accounts has been publicly posted.
Author: Cert EU

Several vulnerabilities in Firefox, Thunderbird and Seamonkey (CERT-EU Security Advisory 2012-0069)

The most severe vulnerability (Priority: urgent; Severity: urgent; classification done by Redhat) allows a remote attacker to run code in the security context of a user of Firefox, Thunderbird or Seamonkey, when they open a malicious website or...
Author: Cert EU

Denial of Service vulnerability in ISC BIND (CERT-EU Security Advisory 2012-0068)

CVE-2012-1667: Handling of zero length rdata can cause named to terminate unexpectedly. CVSS Score: 8.5 HIGH[2]. CVSS Equation: (AV:N/AC:L/Au:N/C:P/I:N/A:C). A problem in BIND was uncovered while testing with experimental DNS record types. It is...
Author: Cert EU

Vulnerability in Microsoft Certificate Authority (CERT-EU Security Advisory 2012-0067)

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Author: Cert EU

Symantec Endpoint Protection Multiple Issues (CERT-EU Security Advisory 2012-0066)

Symantec was notified of a vulnerable service running on the Symantec Endpoint Protection 12.1 management console. Successful access to this service can potentially allow an unauthorized remote attacker to launch a two-stage exploit attempt...
Author: Cert EU

Multiple issues in Linux Kernel (CERT-EU Security Advisory 2012-0065)

Multiple issues in Linux Kernel include multiple buffer overflows in the hfsplus filesystem implementation, problems with handling the use of file system capabilities by the cap_bprm_set_creds function in security/commoncap.c, and the KVM...
Author: Cert EU

OpenSSL Security Advisory - Invalid TLS/DTLS record attack (CERT-EU Security Advisory 2012-0064)

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack or arbitrary code execution on both clients and servers.[1,3]
Author: Cert EU

Multiple vulnerabilities in Adobe Shockwave Player (CERT-EU Security Advisory 2012-0063)

Adobe released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities (memory corruption) that could allow an attacker who successfully exploits these...
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2012-0062)

CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 8 May 2012.
Author: Cert EU

Remote code-execution vulnerability in Adobe Flash Player (CERT-EU Security Advisory 2012-0061)

Adobe released security updates for Adobe Flash Player. These updates address an object confusion vulnerability (CVE-2012-0779)[2] that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Author: Cert EU

PHP Remote-Code Execution Vulnerability in Certain CGI-based Setups [1,2] (CERT-EU Security Advisory 2012-0060)

There is a vulnerability in certain CGI-based setups that has gone unnoticed for at least 8 years (!) [1,2]. Some systems support a method for supplying an array of strings to the CGI script. This is only used in the case of an 'indexed' query.
Author: Cert EU