Friday 20 September 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Arbitrary Code Execution in Internet Explorer and Edge (CERT-EU Security Advisory 2017-004)

A high-severity vulnerability in Microsoft's Edge and Internet Explorer browsers allows attackers to execute malicious code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code (CVE-2017-0037).
Author: Cert EU

CISCO Smart Install Protocol Issues (CERT-EU Security Advisory 2017-003)

It has been reported that there exists a way to misuse the Cisco Smart Install protocol messages. The misuse is directed towards Smart Install Clients allowing an unauthenticated remote attacker to change the startup configuration, load...
Author: Cert EU

Ticketbleed Vulnerability Affecting F5 BIG-IP (CERT-EU Security Advisory 2017-002)

A vulnerability called Ticketbleed in F5 BIG-IP devices (CVE-2016-9244) could allow an unauthenticated, remote attacker to obtain sensitive information from memory if the non-default Session Tickets option is enabled for a Client SSL profile.
Author: Cert EU

UPDATE CISCO WebEx Browser Extension Remote Code Execution Vulnerability (CERT-EU Security Advisory 2017-001)

A vulnerability in CISCO WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the browser on the affected system. This vulnerability concerns browser extensions for CISCO WebEx...
Author: Cert EU

UPDATE Critical Firefox Vulnerability (CERT-EU Security Advisory 2016-142)

On 29th of November 2016, JavaScript code exploiting a vulnerability in Firefox was discovered. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load...
Author: Cert EU

Black Nurse ICMP DOS attacks (CERT-EU Security Advisory 2016-141)

TDC-SOC-CERT, the CERT of TDC A/S, a Danish telecommunications company, observed and started analyzing a number of denial of service (DOS) attacks based on the ICMP protocol.
Author: Cert EU

URGENT - 0 day Adobe Flash vulnerability (CERT-EU Security Advisory 2016-140)

"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system."
Author: Cert EU

Linux Kernel vulnerability "Dirty COW" (CERT-EU Security Advisory 2016-139)

A serious vulnerability has been reported that has been present for nine years in a section of the Linux kernel, which is most probably part of all the distributions of this OS.
Author: Cert EU

IKEv1 vulnerability in CISCO devices (CERT-EU Security Advisory 2016-138)

The advisory recommends integrity checks and provides detection guidance for the IKEv1 vulnerabilities discovered by CISCO in its devices.
Author: Cert EU

Critical Adobe Flash Player vulnerabilities (APSB16-29) (CERT-EU Security Advisory 2016-137)

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS to address multiple critical vulnerabilities.
Author: Cert EU

Pegasus Spyware targeting iOS devices CERT-EU Security Advisory 2016-136 - Updated

Three critical zero-day vulnerabilities were discovered, impacting Apple iOS and OS X devices. This advisory presents recommendations for end-users and Mobile Device Management administrators.
Author: Cert EU

Leak of hacking tools targeting Fortinet devices CERT-EU Security Advisory 2016-135

On 13th of August, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include Fortinet devices. This advisory presents risk...
Author: Cert EU

Leak of hacking tools targeting CISCO firewalls CERT-EU Security Advisory 2016-133

On 13th of August, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include CISCO Adaptive Security Appliance (ASA) and PIX...
Author: Cert EU

SMB bug allows to leak user login and NTLMv2 hashes [CERT-EU Security Advisory 2016-132]

The Server Message Block (SMB) protocol is a network protocol allowing file and printer sharing over different networks (TCP/IP included).
Author: Cert EU

HTTPoxy - CGI "HTTP_PROXY" variable name clash (CERT-EU Security Advisory 2016-130)

Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests...
Author: Cert EU

Drupal RESTful Web Services Module Remote Code Execution Vulnerability (CERT-EU Security Advisory 2016-129)

The RESTful Web Services module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
Author: Cert EU

Drupal Webform Multiple File Upload Module Remote Code Execution Vulnerability (CERT-EU Security Advisory 2016-128)

The Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
Author: Cert EU

Drupal Coder Module Remote Code Execution Vulnerability (CERT-EU Security Advisory 2016-127)

The Coder module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
Author: Cert EU

Critical Adobe Flash bug (CVE-2016-4171) (CERT-EU Security Advisory 2016-126)

A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of...
Author: Cert EU

Critical vulnerability in Adobe Flash Player (CVE-2016-4117) (CERT-EU Security Advisory 2016-125)

A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of...
Author: Cert EU

Critical vulnerability in ImageMagick allowing remote code execution (CERT-EU Security Advisory 2016-124)

On May 3rd, 2016, security researchers reported several bugs in ImageMagick [1], a package commonly used by web services to process images. [2][3]
Author: Cert EU

Badlock Bug in Windows and Samba (CERT-EU Security Advisory 2016-123)

On April 12th, 2016, Badlock, a crucial security bug in Windows and Samba, was disclosed.
Author: Cert EU

Cisco - Denial of Service Vulnerabilities (CERT-EU Security Advisory 2016-122)

The March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes six Cisco Security Advisories that describe vulnerabilities in Cisco IOS Software.
Author: Cert EU

UPDATE Remote Code Execution in all git versions (client + server) < 2.7.1 (CERT-EU Security Advisory 2016-121)

Version: 17/03/2016. Corrigendum: initial publication typos. A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees.
Author: Cert EU

Remote Code Execution in all git versions (client+server)<2.7.1 (CERT-EU Security Advisory 2016-120)

A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees.
Author: Cert EU

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information is held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
