Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

JUNIPER multiple Security issues with ScreenOS (CVE-2015-7755) [CERT-EU Security Advisory 2015-825]

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
Author: Cert EU

Remote code execution vulnerability in jar analysis (CERT-EU Security Advisory 2015-824)

Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in FireEye devices. As a result, an attacker can send an email to a user or alternatively get them to click a link and completely compromise one of...
Author: Cert EU

Vulnerable Dell Self-Signed Root certificates (CERT-EU Security Advisory 2015-750)

Some Dell laptops and desktops come with a pre-installed self-signed root certificate under the name of eDellRoot and on some occasions also have another self-signed root certificate installed under the name of DSDTestProvider. This is a...
Author: Cert EU

Logjam Attack (CERT-EU Security Advisory 2015-325)

A new vulnerability related to the TLS/SSL protocol, called the Logjam attack, was published in recent days. This vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography (which is an old...
Author: Cert EU

Microsoft Security Bulletin MS14-068 - Critical Vulnerability in Kerberos Could Allow Elevation of Privileges (MS KB 3011780) - (CERT-EU Security Advisory 2014-253)

The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
Author: Cert EU

Malware distribution to German-speaking users (CERT-EU Security Advisory 2014-249)

CERT-EU has identified a malware distribution and fraud campaign with a focus on German-speaking users.
Author: Cert EU

IMPORTANT: Critical Vulnerability in Schannel Could Allow Remote Code Execution (KB2992611) CVE-2014-6321 - (CERT-EU Security Advisory 2014-248)

A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows has been found.
Author: Cert EU

NEW SSLv3 Padding Oracle On Downgraded Legacy Encryption attack (CERT-EU Security Advisory 2014-169)

The SSL protocol 3.0, as used in OpenSSL and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear text data via a padding-oracle attack, aka the "POODLE" issue.
Author: Cert EU

New: BadUSB (CERT-EU Security Advisory 2014-138)

BadUSB is a dangerous USB security flaw that allows attackers to turn a simple USB device into a keyboard, which can then be used to type malicious commands into the victim's computer.
Author: Cert EU

BASH Vulnerability (CERT-EU Security Advisory 2014-137)

GNU BASH is prone to a remote code execution vulnerability. Vulnerable GNU BASH versions process trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code.
Author: Cert EU

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products [1] (CERT-EU Security Advisory 2014-054)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a...
Author: Cert EU

Multiple Vulnerabilities in OpenSSL [1] (CERT-EU Security Advisory 2014-053)

Several vulnerabilities have been discovered in the OpenSSL library.
Author: Cert EU

GnuTLS Hello Vulnerability (CERT-EU Security Advisory 2014-052)

This vulnerability affects the client side of the GnuTLS library. A server that sends a specially crafted Server Hello could corrupt the memory of a requesting client.
Author: Cert EU

Cisco RADIUS DoS [1] (CERT-EU Security Advisory 2014-051)

Cisco Identity Services Engine Software (ISE) is an authentication, authorization, and accounting application.
Author: Cert EU

Microsoft Internet Explorer 8 Remote Code Execution [1] (CERT-EU Security Advisory 2014-050)

Internet Explorer 8 is prone to a remote code-execution vulnerability due to a use-after-free condition.
Author: Cert EU

Microsoft Security Updates (CERT-EU Security Advisory 2014-049)

Microsoft has published a number of new security updates, which were released on May 08, 2014.
Author: Cert EU

Security updates available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2014-048)

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
Author: Cert EU

Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-047)

Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux.
Author: Cert EU

BIND nameservers security update [1] (CERT-EU Security Advisory 2014-046)

A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes.
Author: Cert EU

FreeBSD Security Advisory (CERT-EU Security Advisory 2014-045)

When network packets making up a TCP stream ("TCP segments") are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.
Author: Cert EU

Citrix NetScaler Application Delivery Security Update [1] (CERT-EU Security Advisory 2014-044)

A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products.
Author: Cert EU

UPDATE Vulnerability in Internet Explorer Could Allow Remote Code Execution (CERT-EU Security Advisory 2014-041)

UPDATE: Microsoft has issued a cumulative security update for Internet Explorer (no 2965111) resolving the publicly disclosed vulnerability (CVE-2014-1776 [1]) as well as eight other privately reported vulnerabilities in IE [2].
Author: Cert EU

Oracle Critical Patch Update Advisory (CERT-EU Security Advisory 2014-043)

The Oracle Critical Patch Update for April 2014 [1] was released.
Author: Cert EU

Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-042)

Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.
Author: Cert EU

VMware Security Advisories (VMSA-2014-0004.6) CERT-EU Security Advisory 2014-040

VMware product updates address OpenSSL security vulnerabilities.
Author: Cert EU

Information systems security events