Thursday, 9 July 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VU#290915: F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

Overview: F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection...
Author: US Cert

VU#576779: Netgear httpd upgrade_check.cgi stack buffer overflow

Overview: Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root...
Author: US Cert

VU#257161: Treck IP stacks contain multiple vulnerabilities

Overview: Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. Description: Treck IP network stack software is...
Author: US Cert

VU#339275: Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Author: US Cert

VU#636397: IP-in-IP protocol routes arbitrary traffic by default

Author: US Cert

VU#127371: iOS contains an unspecified kernel vulnerability

iOS contains an unspecified kernel vulnerability. This vulnerability can allow code execution with kernel privileges. This vulnerability is being used by the public unc0ver 5.0 jailbreak utility, which claims to support all devices from iOS 11...
Author: US Cert

VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) Core Configurations. Bluetooth BR/EDR is used for...
Author: US Cert

VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Low Energy (BLE) Core Configuration. Like Bluetooth Classic (BR/EDR), BLE is used for low-power...
Author: US Cert

VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files

The Samsung May 2020 Android Security Update notes that "a possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution." Samsung identifies this vulnerability as SVE-2020-16747, more commonly known as...
Author: US Cert

Unpatched Oracle WebLogic Servers Vulnerable to CVE-2020-2883

Original release date: May 1, 2020. Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability (CVE-2020-2883) is being exploited in the wild. Oracle disclosed the...
Author: US Cert

SaltStack Patches Critical Vulnerabilities in Salt

Original release date: May 1, 2020. SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely...
Author: US Cert

Cisco Releases Security Updates for IOS XE SD-WAN Solution Software

Original release date: April 30, 2020. Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...
Author: US Cert

WordPress Releases Security Update

Original release date: April 30, 2020. WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure...
Author: US Cert

Adobe Releases Security Updates for Multiple Products

Original release date: April 29, 2020. Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
Author: US Cert

VMware Releases Security Updates for ESXi

Original release date: April 29, 2020. VMware has released security updates to address a vulnerability in ESXi. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security...
Author: US Cert

Samba Releases Security Updates

Original release date: April 28, 2020. The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: April 28, 2020. Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and...
Author: US Cert

Juniper Releases Security Updates for Junos OS

Original release date: April 28, 2020. Juniper has released security updates to address a vulnerability affecting multiple versions of Junos operating systems. A remote attacker can exploit this vulnerability to take control of an affected...
Author: US Cert

OpenSSL Releases Security Update

Original release date: April 22, 2020. OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and...
Author: US Cert

Microsoft Releases Security Updates for Multiple Products

Original release date: April 22, 2020. Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: April 22, 2020. Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and...
Author: US Cert

NSA, ASD Release Guidance for Mitigating Web Shell Malware

Original release date: April 22, 2020. The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are...
Author: US Cert

IC3 Releases Alert on Extortion Email Scams

Original release date: April 21, 2020. The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless...
Author: US Cert

Apple Releases Security Update for Xcode

Original release date: April 17, 2020. Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure...
Author: US Cert

Google Releases Security Updates

Original release date: April 16, 2020. Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and...
Author: US Cert