Tuesday 16 July 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Adobe Flash Player - Multiple Vulnerabilities (CERT-EU Security Advisory 2012-0019)

Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5...
Author: Cert EU

Oracle Java SE Critical Patch Update (CERT-EU Security Advisory 2012-0018)

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security...
Author: Cert EU

Adobe Shockwave Player - remote code execution vulnerability (CERT-EU Security Advisory 2012-0017)

Adobe reported vulnerabilities in their Shockwave Players that could allow an attacker to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions to update to Adobe Shockwave...
Author: Cert EU

PHP5 Arbitrary Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0015)

The PHP development team announced the immediate availability of PHP 5.3.10. This release delivers a critical security fix. This release fixes the arbitrary remote code execution vulnerability CVE-2012-0830.
Author: Cert EU

Multiple vulnerabilities in JBoss Operations Network (CERT-EU Security Advisory 2012-0014)

Red Hat has released fixes to JBoss Operations Network (JBoss ON), a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The Red Hat...
Author: Cert EU

Denial of Service Vulnerability in Oracle WebLogic Server, Application Server (OC4J) and iPlanet Web Server (CERT-EU Security Advisory 2012-0013)

Oracle has released a security advisory about a denial of service vulnerability in Oracle WebLogic Server, Oracle Application Server (OC4J) and Oracle iPlanet Web Server due to hashing collisions. No authentication is required to exploit this...
Author: Cert EU

Multiple vulnerabilities in JBoss Web server (CERT-EU Security Advisory 2012-0012)

Red Hat has released fixes to JBoss Communications Platform and JBoss Web, the web container of JBoss Enterprise Application Platform. These vulnerabilities can allow remote attackers to access sensitive information or cause a denial of service.
Author: Cert EU

Multiple vulnerabilities in Apache HTTP server (CERT-EU Security Advisory 2012-0011)

The Apache Software Foundation has released a new version of the Apache HTTP server that fixes multiple vulnerabilities. These vulnerabilities can allow remote attackers to access sensitive information, cause a denial of service or allow local users...
Author: Cert EU

Multiple vulnerabilities in VMware ESXi and ESX (CERT-EU Security Advisory 2012-0010)

VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.
Author: Cert EU

Sudo format string vulnerability (CERT-EU Security Advisory 2012-0009)

A flaw exists in the debugging code in sudo versions 1.8.0 through 1.8.3p1 that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges to root.
Author: Cert EU

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0008)

Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.
Author: Cert EU

Vulnerability in OpenSSL in DTLS applications (CERT-EU Security Advisory 2012-0006)

OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Author: Cert EU

Adobe Acrobat and Reader U3D Memory Corruption Vulnerability (Security Advisory 2011-0026)

Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability.
Author: Cert EU

Multiple vulnerabilities in .NET Framework including critical Elevation of Privilege flaw (CERT-EU Security Advisory 2011-0033)

Microsoft has released an out-of-band security update [1] that resolves one publicly disclosed vulnerability [2] and three privately reported vulnerabilities in Microsoft .NET Framework.
Author: Cert EU

Vulnerabilities in Cisco IP Video Phone E20 and Digital Media Manager (CERT-EU Security Advisory 2012-0005)

Cisco IP Video Phone E20 Default Root Account: Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device.
Author: Cert EU

Remote Security Vulnerability in Oracle Sun Solaris (CERT-EU Security Advisory 2012-0004)

Oracle Sun Solaris is prone to a remote security vulnerability. Fixes are available.
Author: Cert EU

Multiple vulnerabilities in Apache Tomcat (CERT-EU Security Advisory 2012-0003)

The Apache Tomcat security team disclosed two vulnerabilities in their product. Fixes are available. The vulnerabilities allow unauthorized disclosure of information and disruption of service.
Author: Cert EU

Multiple vulnerabilities in OpenSSL (CERT-EU Security Advisory 2012-0002)

The OpenSSL project disclosed various vulnerabilities in their product.
Author: Cert EU

Security updates available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0001).

These updates address critical vulnerabilities (CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373) in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and...
Author: Cert EU

Multiple vulnerabilities on Mozilla Firefox / Thunderbird / SeaMonkey (CERT-EU Security Advisory 2011-0032)

Multiple vulnerabilities have been found in Mozilla Firefox / Thunderbird. A fix is available.
Author: Cert EU

Multiple vulnerabilities on JBoss Enterprise Portal Platform (CERT-EU Security Advisory 2011-0031)

Multiple vulnerabilities have been found in JBoss Enterprise Portal Platform. A patch is available.
Author: Cert EU

RSA SecurID Software Token DLL Loading Arbitrary Code Execution (CERT-EU Security Advisory 2011-0030)

RSA SecurID Software Token is prone to a vulnerability that lets attackers execute arbitrary code. This vulnerability may be exploited to load arbitrary libraries by tricking a user into opening a Software Token file located on a compromised or...
Author: Cert EU

Mozilla Firefox/Thunderbird/SeaMonkey information disclosure vulnerability (Security Advisory 2011-0028)

Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 are prone to an information disclosure vulnerability, exploitable by a remote attacker to obtain information from the browser history.[1] Updated versions are available.[3]
Author: Cert EU

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 (Security Advisory 2011-0027)

Adobe Flash Player 11.1.102.55 on Windows and Mac OS X is prone to remote attacks by execution of arbitrary code via a crafted SWF file.
Author: Cert EU

JBoss Application Server Administrative Console Cross-Site Scripting (Security Advisory 2011-0025)

JBoss Application Server console is prone to a cross-site scripting vulnerability while handling DOM objects; fixes are available.
Author: Cert EU

Information security events

BLACK HAT

A major worldwide information security event, the Black Hat USA conference takes place from 3 to 8 August 2019 in Las Vegas (Mandalay Bay). Organized by UBM.

Presentation by the organizer

Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3-6) followed by the two-day main conference (August 7-8) featuring Briefings, Arsenal, Business Hall, and more.

More information on the event's dedicated website.

LES ASSISES

The major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

Presentation by the organizer

A look back at Les Assises 2018

The 18th edition of the Assises de la Sécurité in Monaco is over! Thanks again to the 2800 participants, including the 160 partners, who came together for three days to bring this event, unique in France, to life. Conferences, one-to-one meetings, round tables, workshops, networking moments… Through their content, the quality of the visitors and the richness of the exchanges, the Assises are positioned more than ever as the unmissable gathering for all cybersecurity professionals. Like the market, which keeps evolving, the Assises know how to adapt their offering to best meet the sector's expectations. This edition therefore set out to highlight the major issues of the moment by multiplying talks, demonstrations and experience reports.

See you at the next edition, which will take place from 9 to 12 October 2019

More information on the event's dedicated website.
