Saturday, 30 May 2020
 
 

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

UPDATE Remote Code Execution in all git versions (client + server) < 2.7.1 (CERT-EU Security Advisory 2016-121)

Version: 17/03/2016. Corrigendum: typos in the initial publication. A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees.
Author: Cert EU

Remote Code Execution in all git versions (client + server) < 2.7.1 (CERT-EU Security Advisory 2016-120)

A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees.
Author: Cert EU

CISCO CVE-2016-1329 (CERT-EU Security Advisory 2016-119)

A vulnerability in Cisco NX-OS Software allows a perpetrator to connect to the device with administrative privileges.
Author: Cert EU

DROWN Attack (CERT-EU Security Advisory 2016-118)

A vulnerability in SSLv2 can lead to a compromise of the cryptographic scheme that protects transactions over the Internet. The attack that exploits the vulnerability is called "DROWN". The attacker can easily interfere between client and server and monitor...
Author: Cert EU

Palo Alto critical bugs (CERT-EU Security Advisory 2016-117)

Palo Alto Networks has revealed four new vulnerabilities.
Author: Cert EU

Vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET) (CERT-EU Security Advisory 2016-116)

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited.
Author: Cert EU

UPDATE CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow (CERT-EU Security Advisory 2016-115)

Updated: CentOS has released updates that remedy the vulnerability. F5 has published information about affected products.
Author: Cert EU

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow (CERT-EU Security Advisory 2016-114)

A vulnerability in glibc allows an unauthenticated attacker to exploit it remotely and cause:
- Denial-of-Service (DoS)
- Remote code execution (administrator / root privileges)
- Remote code execution (user privileges)
Author: Cert EU

CISCO IKE v1 and v2 Vulnerability (CERT-EU Security Advisory 2016-113)

A vulnerability in the Internet Key Exchange (IKE) v1 and v2 implementation of Cisco ASA software can be exploited to cause a DoS or even remote code execution.
Author: Cert EU

SSH Login vulnerability on multiple Fortinet products (CERT-EU Security Advisory 2016-62) - UPDATED

FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for SSH is possible.
Author: Cert EU

OpenSSH roaming feature vulnerabilities (CERT-EU Security Advisory 2016-50)

Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect...
Author: Cert EU

FortiOS login vulnerability (CERT-EU Security Advisory 2016-45)

FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for SSH is possible. A Python script was released that can be used to exploit the vulnerability.
Author: Cert EU

Crypto implementation flaws in Pacom GMS System (CERT-EU Security Advisory 2015-761)

The Pacom 1000 implementation has several serious flaws in its cryptographic mechanisms. The flaws that were found can bypass the security of any unpatched installation. The issue could affect the Physical Security entities of a...
Author: Cert EU

JUNIPER multiple Security issues with ScreenOS (CVE-2015-7755) [CERT-EU Security Advisory 2015-825]

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
Author: Cert EU

Remote code execution vulnerability in jar analysis (CERT-EU Security Advisory 2015-824)

Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in Fireeye devices. As a result, an attacker can send an email to a user or alternatively get them to click a link and completely compromise one of...
Author: Cert EU

Vulnerable Dell Self-Signed Root certificates (CERT-EU Security Advisory 2015-750)

Some Dell laptops and desktops come with a pre-installed self-signed root certificate under the name of eDellRoot, and on some occasions also have another self-signed root certificate installed under the name of DSDTestProvider. This is a...
Author: Cert EU

Logjam Attack (CERT-EU Security Advisory 2015-325)

In recent days a new vulnerability related to the TLS/SSL protocol, called the Logjam attack, was published. This vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography (which is an old...
Author: Cert EU

Microsoft Security Bulletin MS14-068 - Critical Vulnerability in Kerberos Could Allow Elevation of Privileges (MS KB 3011780) - (CERT-EU Security Advisory 2014-253)

The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
Author: Cert EU

Malware distribution to German-speaking users (CERT-EU Security Advisory 2014-249)

CERT-EU has identified a malware distribution and fraud campaign focused on German-speaking users.
Author: Cert EU

IMPORTANT: Critical Vulnerability in Schannel Could Allow Remote Code Execution (KB2992611) CVE-2014-6321 - (CERT-EU Security Advisory 2014-248)

A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows has been found.
Author: Cert EU

NEW SSLv3 Padding Oracle On Downgraded Legacy Encryption attack (CERT-EU Security Advisory 2014-169)

The SSL protocol 3.0, as used in OpenSSL and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear text data via a padding-oracle attack, aka the "POODLE" issue.
Author: Cert EU

New: BadUSB (CERT-EU Security Advisory 2014-138)

BadUSB is a dangerous USB security flaw that allows attackers to turn a simple USB device into a keyboard, which can then be used to type malicious commands into the victim's computer.
Author: Cert EU

BASH Vulnerability (CERT-EU Security Advisory 2014-137)

GNU BASH is prone to a remote code execution vulnerability. Vulnerable GNU BASH versions process trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code.
Author: Cert EU

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products [1] (CERT-EU Security Advisory 2014-054)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a...
Author: Cert EU

Multiple Vulnerabilities in OpenSSL [1] (CERT-EU Security Advisory 2014-053)

Several vulnerabilities have been discovered in the OpenSSL library.
Author: Cert EU

Information security (SSI) events