mercredi 8 avril 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Critical Vulnerabilities in Firefox (CERT-EU Security Advisory 2020-020)

On the 3rd of April 2020, Mozilla released an advisory concerning two critical vulnerabilities affecting Firefox browser. According to Mozilla, both vulnerabilities are related to "use-after-free" bugs and have been exploited in the wild in...
Auteur: Cert EU

Apache Web Server Vulnerability (CERT-EU Security Advisory 2020-019)

On the 1st of April 2020, a new vulnerability was made public related to Apache Web server. Apache HTTP Server is prone to an open-redirection vulnerability because it fails to properly validate the redirect URLs. Specifically, this issue affects...
Auteur: Cert EU

Serious PHP Vulnerability (CERT-EU Security Advisory 2020-018)

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using "mb_strtolower()" function with "UTF-32LE" encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption,...
Auteur: Cert EU

Remote-Code-Execution Vulnerabilities in All Versions of Windows (CERT-EU Security Advisory 2020-017)

On the 23th of March 2020, Microsoft released a security advisory for two remote-code-execution vulnerabilities affecting all versions of Windows. The two vulnerabilities are linked to the Adobe Type Manager Library. An attacker could exploit...
Auteur: Cert EU

Multiple Critical Vulnerabilities in Trend Micro (CERT-EU Security Advisory 2020-016)

On the 16th of March 2020, Trend Micro has released critical patches for two remote code execution vulnerabilities in Trend Micro Apex One and OfficeScan XG along with other three critical vulnerabilities. Trend Micro confirmed that they...
Auteur: Cert EU

Critical Vulnerability in VMWare Products (CERT-EU Security Advisory 2020-015)

On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised...
Auteur: Cert EU

SMBv3 - Critical Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-014)

On the 10th of March 2020, Microsoft released a security advisory for a remote code execution vulnerability affecting Microsoft Server Message Block 3.1.1 (SMBv3) protocol. An "unauthenticated" attacker who successfully exploited the...
Auteur: Cert EU

Critical PPP Daemon Vulnerability (CERT-EU Security Advisory 2020-013)

A new dangerous (and 17 years old!) remote code execution vulnerability has been discovered by Ilja Van Sprundel from IOActive. It affects the PPP daemon ("pppd") software that comes installed on almost all Linux-based operating systems and...
Auteur: Cert EU

Cisco Webex Players Vulnerabilities (CERT-EU Security Advisory 2020-012)

High serverity vulnerabilities were patched in Cisco Webex video conferencing platform. In particular they affect Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows. If exploited, these could...
Auteur: Cert EU

Multiple XSS Vulnerabilities in Wordpress Plugins (CERT-EU Security Advisory 2020-011)

Several cross-site scripting (XSS) vulnerabilities were fond in popular WordPress plugins. Some of them could give attackers complete control of sites. It is to be mentioned that this year we have already observed other vulnerabilities in...
Auteur: Cert EU

Microsoft Exchange Server - Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-010)

Microsoft released a fix for a remote code execution vulnerability in Microsoft Exchange (CVE-2020-0688). The vulnerability exists because Exchange fails to create unique cryptographic keys at installation time, leading to all Exchange servers...
Auteur: Cert EU

Critical Vulnerability in ThemeGrill Demo Importer Wordpress Plugin (CERT-EU Security Advisory 2020-009)

A critical vulnerability affecting the ThemeGrill Demo Importer plugin has been identified. Theme Grill Demo Importer is a plugin that can be used to import ThemeGrill official themes demo content, widgets and theme settings. The plugin is...
Auteur: Cert EU

WordPress Profile Builder Plugin Critical Vulnerability (CERT-EU Security Advisory 2020-008)

A critical vulnerability affecting the WordPress Profile Builder Plugin has been identified. Profile Builder is a plugin designed to create custom forms that allow users to register, edit their profile, etc. The plugin is affected by a broken...
Auteur: Cert EU

Vulnerabilities in WordPress GDPR Cookie Consent Plugin (CERT-EU Security Advisory 2020-007)

Critical vulnerabilities affecting the WordPress GDPR Cookie Consent plugin have been identified. This plugin is used to make websites GDPR compliant. The vulnerability was reported by the security researcher Jerome Bruandet from NinTechNet. The...
Auteur: Cert EU

Internet Explorer Zero-Day Vulnerability (CERT-EU Security Advisory 2020-006)

Microsoft released an advisory notifying about a remote code execution (RCE) vulnerability existing in the scripting engine of Internet Explorer (IE). The vulnerability allows an attacker to corrupt the memory of the IE and execute code with the...
Auteur: Cert EU

Critical Vulnerabilities in WordPress Plugins (CERT-EU Security Advisory 2020-005)

Critical vulnerabilities that are affecting two WordPress plugins have been identified. The vulnerabilities affect InfiniteWP Client and the WP Time Capsule plugins and allow a remote attacker to login into an administrator account without password.
Auteur: Cert EU

Critical Vulnerabilities in Multiple Oracle Products (CERT-EU Security Advisory 2020-004)

Oracle has published an advisory about hundreds of critical vulnerabilities that are affecting several of its products. Many of the vulnerabilities can be remotely exploited without authentication and without user interaction. Expedient patching...
Auteur: Cert EU

Critical Vulnerabilities in Microsoft Windows (CERT-EU Security Advisory 2020-003)

Several critical vulnerabilities affecting Microsoft Windows were patched on 14th of January 2020, as part of the regular patch Tuesday. Some the vulnerabilities are quite critical, so it is extremely important to apply the patches as soon as...
Auteur: Cert EU

Critical Vulnerability in Citrix Products (CERT-EU Security Advisory 2020-002)

A critical vulnerability affecting Citrix products has been been disclosed in December 2019. The vulnerability, identified as CVE-2019-19781, could allow an attacker to get access to the internal network without requiring authentication. Numerous...
Auteur: Cert EU

Critical Vulnerability in Mozilla Firefox (CERT-EU Security Advisory 2020-001)

A critical vulnerability affecting Mozilla Firefox has been been disclosed. The vulnerability identified as CVE-2019-17026 allows attackers to write to and read from memory locations that are off-limits, and could lead to information disclosures,...
Auteur: Cert EU

Detecting and Preventing Emotet 2019 Campaign (CERT-EU Security Advisory 2019-021)

Since beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the known Command-and-Control (CnC) servers started responding again. Since September 16th, 2019, CERT-EU has...
Auteur: Cert EU

Simjacker Vulnerability Impacting up to 1 Billion Phone Users (CERT-EU Security Advisory 2019-020)

AdaptiveMobile Security have uncovered a new and previously undetected vulnerability and associated exploits, called Simjacker. This vulnerability is currently being actively exploited. The main Simjacker attack involves an SMS containing a...
Auteur: Cert EU

Critical Exim TLS Vulnerability (CERT-EU Security Advisory 2019-019)

Exim Mail Transfer Agent (MTA) servers are exposed to a security vulnerability, which can grant attackers the ability to run malicious code with root privileges. This vulnerability has been assigned the number CVE-2019-15846. The vulnerability is...
Auteur: Cert EU

Cisco Critical Vulnerability Affecting IOS XE Software (CERT-EU Security Advisory 2019-018)

A major vulnerability affecting CISCO IOS XE operating system has been disclosed. The vulnerability identified as CVE-2019-12643 allows a remote user to bypass authentication and gain full control of the device that is running an outdated version...
Auteur: Cert EU

Vulnerabilities in Popular VPNs (CERT-EU Security Advisory 2019-017)

Several vulnerabilities impacting popular VPNs (by Palo Alto, Pulse Security, and Fortinet) have been recently seen being exploited in the wild. In most severe case, the vulnerabilities allow for remote code execution. Although the...
Auteur: Cert EU
12345678910Last

Événements SSI