Recherche : [#vulnérabilité]

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518) - Help Net Security

An unauthenticated RCE flaw (CVE-2022-27518) is being leveraged by APT5 to compromise Citrix ADC deployments.

#vulnérabilité

December 14, 2022 at 12:10:29 AM GMT+1 * · permalien

https://www.helpnetsecurity.com/2022/12/13/cve-2022-27518-exploited/

Sophos fixed a critical flaw in its Sophos Firewall version 19.5Security Affairs

Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues.

#cve · #patching · #vulnérabilité

December 10, 2022 at 8:43:44 AM GMT+1 * · permalien

https://securityaffairs.co/wordpress/139362/security/sophos-firewall-critical-flaw.html

Ping of death! FreeBSD fixes crashtastic bug in network tool – Naked Security

It's a venerable program, and this version had a venerable bug in it.

#vulnérabilité · #opensource

December 6, 2022 at 10:00:59 AM GMT+1 * · permalien

https://nakedsecurity.sophos.com/2022/12/05/ping-of-death-freebsd-fixes-crashtastic-bug-in-network-tool/

Multiples vulnérabilités dans les produits Stormshield – CERT-FR

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-1041/

#cve · #vulnérabilité

November 26, 2022 at 1:42:34 AM GMT+1 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-1041/

Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

#dev · #vulnérabilité

November 23, 2022 at 10:11:46 AM GMT+1 * · permalien

https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/

Accidental $70k Google Pixel Lock Screen Bypass - bugs.xdavidhu.me

#mobile · #vulnérabilité

November 15, 2022 at 10:25:51 AM GMT+1 * · permalien

https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/

Windows Kerberos authentication breaks after November updates

#microsoft · #vulnérabilité

November 15, 2022 at 9:58:34 AM GMT+1 * · permalien

https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/

Multiples vulnérabilités dans OpenSSL – CERT-FR

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-985/

#vulnérabilité · #opensource

November 10, 2022 at 8:37:45 PM GMT+1 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-985/

Lenovo warns of flaws that can be used to bypass security featuresSecurity Affairs

e

#vulnérabilité · #hardware

November 10, 2022 at 10:11:20 AM GMT+1 * · permalien

https://securityaffairs.co/wordpress/138312/security/lenovo-bypass-security-features.html

VMware warns of three critical holes in remote-control tool

#vulnérabilité

November 9, 2022 at 9:12:09 AM GMT+1 * · permalien

https://www.theregister.com/AMP/2022/11/09/vmware_workspace_one_assist_critical_flaws

SQL Injection on REST API · Advisory · glpi-project/glpi · GitHub

GLPI CVE-2022-39323

#vulnérabilité · #cve

November 7, 2022 at 9:02:40 AM GMT+1 * · permalien

https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.

#vulnérabilité

November 3, 2022 at 9:40:12 AM GMT+1 * · permalien

https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html

BREAKDOWN Realistic Pentest of a Schneider Electric Industrial Control System M221 PLC - YouTube

#vulnérabilité · #Indus

October 31, 2022 at 3:51:09 PM GMT+1 * · permalien

https://www.youtube.com/watch?v=1Ppm7dQ66-U

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

#vulnérabilité

October 31, 2022 at 3:05:30 PM GMT+1 * · permalien

https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

#vulnérabilité · #cve

October 26, 2022 at 8:42:40 AM GMT+2 * · permalien

https://thehackernews.com/2022/10/22-year-old-vulnerability-reported-in.html

Multiples vulnérabilités dans les produits SolarWinds

#vulnérabilité · #certfr

October 21, 2022 at 8:33:03 AM GMT+2 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-939/

Dangerous hole in Apache Commons Text – like Log4Shell all over again – Naked Security

#vulnérabilité · #opensource

October 19, 2022 at 8:39:53 AM GMT+2 * · permalien

https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/

Adobe patches critical Magento XSS that puts sites at takeover risk | The Daily Swig

#vulnérabilité · #Patching

October 18, 2022 at 8:23:05 AM GMT+2 * · permalien

https://portswigger.net/daily-swig/adobe-patches-critical-magento-xss-that-puts-sites-at-takeover-risk

Adobe Security Bulletin

#vulnérabilité · #CVE10 · #Patching

October 16, 2022 at 10:13:32 PM GMT+2 * · permalien

https://helpx.adobe.com/security/products/magento/apsb22-48.html

Zimbra remote code execution vulnerability actively exploited in the wild | The Daily Swig

The bug was assigned the tracker CVE-2022-41352 in late September. Issued a CVSS severity score of 9.8

#vulnérabilité · #opensource

October 13, 2022 at 10:38:15 AM GMT+2 * · permalien

https://portswigger.net/daily-swig/zimbra-remote-code-execution-vulnerability-actively-exploited-in-the-wild