Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Signature Spoofing Vulnerability in GnuPG (CERT-EU Security Advisory 2018-016)

On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGtools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote...
Auteur: Cert EU

Critical Vulnerabilities in Adobe Acrobat, Reader and Photoshop CC (CERT-EU Security Advisory 2018-015)

Adobe has released Adobe Security Bulletins APSB18-09 and APSB18-17 providing security updates for Adobe Acrobat, Reader and Adobe Photoshop CC for Windows and MacOS. These updates address critical and important vulnerabilities, which successful...
Auteur: Cert EU

Vulnerabilities in OpenPGP and S/MIME Client Implementations (CERT-EU Security Advisory 2018-014)

On 14th of May 2018, security researchers released technical details concerning vulnerabilities impacting OpenPGP and S/MIME encryption technologies. These vulnerabilities abuse e-mail clients rendering HTML content when displaying e-mails to...
Auteur: Cert EU

Cisco WebEx ARF Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2018-013)

On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical) in the various Cisco WebEx Players. The players are used to play back WebEx meeting recordings that...
Auteur: Cert EU

Drupal Core - Remote Code Execution (CERT-EU Security Advisory 2018-012)

Drupal is a content management system often used for Enterprise Content Management Projects. A remote code execution vulnerability (CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x. This allows attackers to exploit multiple...
Auteur: Cert EU

Cisco Products Multiple Vulnerabilities (CERT-EU Security Advisory 2018-011)

On the 17th and 18th of April 2018, Cisco has released several updates to address vulnerabilities affecting multiple products in which a remote attacker can exploit these vulnerabilities to trigger cross site scripting, denial of service, remote...
Auteur: Cert EU

Critical Vulnerability in Sophos Mobile and Sophos Mobile Control (CERT-EU Security Advisory 2018-010)

On 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of...
Auteur: Cert EU

UPDATE Cisco Smart Install Protocol Remote Code Execution Vulnerability (CERT-EU Security Advisory 2018-009)

On 28th of March 2018, Cisco published a security advisory concerning a buffer overflow discovered in Smart Install feature of Cisco IOS and Cisco IOS XE software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary...
Auteur: Cert EU

Drupal Core – Remote Code Execution (CERT-EU Security Advisory 2018-008)

Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated as Highly Critical with a score of 21/25 based on the NIST Common Misuse Scoring System. A remote code execution vulnerability...
Auteur: Cert EU

Unauthorized Personal Data Sharing (CERT-EU Security Advisory 2018-007)

CERT-EU has recently observed the usage of software tools and components that might lead to unauthorized personal data leakage. These components are often available in the form of browser extensions or plugins, or e-mail clients plugins. Examples...
Auteur: Cert EU

Remote Code Execution Vulnerability in Exim (CERT-EU Security Advisory 2018-006)

On February 05, 2018, Devcore Security Consulting discovered a buffer overflow vulnerability in the base64 decode function of Exim message transfer agent. On March 06, 2018, Exim released a security advisory about the issue, confirming potential...
Auteur: Cert EU

UPDATE Critical Vulnerability in Adobe Flash Player (CERT-EU Security Advisory 2018-005)

On January 31, 2018, KrCERT/CC released a security alert regarding a vulnerability in Adobe Flash Player. Regarding this issue, Adobe Systems has also released a security advisory about the vulnerability (CVE-2018-4878). According to Adobe, the...
Auteur: Cert EU

UPDATE Critical Vulnerability in Cisco Adaptive Security Appliance (CERT-EU Security Advisory 2018-004)

On the 29nd of January 2018, CISCO published a security advisory for a remote code execution and denial of service vulnerability affecting Cisco Adaptive Security Appliance (ASA). The vulnerability is located in the Secure Sockets Layer (SSL) VPN...
Auteur: Cert EU

Critical Vulnerability in Electron on Windows (CERT-EU Security Advisory 2018-003)

On the 22nd of January 2018, GitHub published a fix for a remote code execution vulnerability affecting Electron applications that use custom protocol handlers. An attacker could exploit the vulnerability by providing to the victim a specifically...
Auteur: Cert EU

INTEL AMT Security Issue (CERT-EU Security Advisory 2018-002)

On January 12th 2018, F-Secure reported a security issue affecting laptops supporting Intel’s Active Management Technology (AMT). The issue allows an attacker with physical access to the laptop to bypass the need to enter credentials, including...
Auteur: Cert EU

UPDATE Meltdown and Spectre Critical Vulnerabilities (CERT-EU Security Advisory 2018-001)

Design flaws in modern computer processors allow programs to steal data processed on the computer. The hardware design deficiencies leaded to the development of two attack scenarios: Meltdown, melts security boundaries normally enforced by the...
Auteur: Cert EU

Multiple Security Vulnerabilities Affecting VMware Products (CERT-EU Security Advisory 2017-027)

On the 19th of December 2017, VMware released updates to address multiple security vulnerabilities in ESXi, vCenter Server Appliance, Workstation and Fusion. The most serious of the vulnerabilities could allow remote arbitrary code execution in a...
Auteur: Cert EU

UPDATE Unauthenticated Root Access in macOS High Sierra (CERT-EU Security Advisory 2017-026)

On November 28th, a security researcher Lemi Orhan Ergin has notified Apple about a serious security issue in macOS Hight Sierra. It appears that anyone can login as root by providing an empty password. The bypass works by putting the word root...
Auteur: Cert EU

Critical Vulnerabilities Affecting Intel Firmware (CERT-EU Security Advisory 2017-025)

On the 20th of November 2017, Intel reported that it has identified security vulnerabilities that could impact Intel Management Engine, Intel Trusted Execution Engine, and Intel Server Platform Services. As the result, an attacker could gain...
Auteur: Cert EU

Increased Use of Browser Cryptojacking (CERT-EU Security Advisory 2017-024)

Since summer 2017 -- mostly due to significant increase of the price of Bitcoin -- browser-based mining services have increased their popularity. By providing easy to use JavaScript libraries they allow website owners to increase their revenues...
Auteur: Cert EU

UPDATE RSA Key Generation Prone to Factorization Attack (CERT-EU Security Advisory 2017-023)

A vulnerability (CVE-2017-15361) in the procedure of RSA key generation used by a software library allows a practical factorization attack. As a result it is possible to compute the private part of an RSA key based only on its public part. The...
Auteur: Cert EU

Actively Exploited Critical Zero-Day Vulnerability in Adobe Flash (CERT-EU Security Advisory 2017-022)

On 16th of October 2017, Adobe has released a security update for Adobe Flash Player for Windows, MacOS, Linux, and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution (CVE-2017-11292). Adobe...
Auteur: Cert EU

KRACK - Key Reinstallation Attacks: Breaking WPA2 (CERT-EU Security Advisory 2017-021)

Researchers in the KU Leuven University have discovered a serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within the range of the Wi-Fi of the victim can exploit these weaknesses using key...
Auteur: Cert EU

Critical Vulnerabilities Impacting Dnsmasq (CERT-EU Security Advisory 2017-020)

On October 2nd, 2017, Google published a blog post detailing severalcritical vulnerabilities impacting dnsmasq. Dnsmasq is widely used in Linux and BSD distributions, Android devices and proprietary firmwares for for serving DNS, DHCP, router...
Auteur: Cert EU

Joomla! Super User Password Leak (CERT-EU Security Advisory 2017-019)

A previously unknown LDAP injection vulnerability could allow remote attackers to leak the super user password with blind injection techniques and to fully take over any affected Joomla! installation.
Auteur: Cert EU
12345678910Last

Événements SSI