Recherche : [#vulnérabilité]

Multiples vulnérabilités dans les produits Stormshield – CERT-FR

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-1041/

#cve · #vulnérabilité

November 26, 2022 at 1:42:34 AM GMT+1 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-1041/

Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

#dev · #vulnérabilité

November 23, 2022 at 10:11:46 AM GMT+1 * · permalien

https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/

Accidental $70k Google Pixel Lock Screen Bypass - bugs.xdavidhu.me

#mobile · #vulnérabilité

November 15, 2022 at 10:25:51 AM GMT+1 * · permalien

https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/

Windows Kerberos authentication breaks after November updates

#microsoft · #vulnérabilité

November 15, 2022 at 9:58:34 AM GMT+1 * · permalien

https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/

Multiples vulnérabilités dans OpenSSL – CERT-FR

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-985/

#vulnérabilité · #opensource

November 10, 2022 at 8:37:45 PM GMT+1 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-985/

Lenovo warns of flaws that can be used to bypass security featuresSecurity Affairs

e

#vulnérabilité · #hardware

November 10, 2022 at 10:11:20 AM GMT+1 * · permalien

https://securityaffairs.co/wordpress/138312/security/lenovo-bypass-security-features.html

VMware warns of three critical holes in remote-control tool

#vulnérabilité

November 9, 2022 at 9:12:09 AM GMT+1 * · permalien

https://www.theregister.com/AMP/2022/11/09/vmware_workspace_one_assist_critical_flaws

SQL Injection on REST API · Advisory · glpi-project/glpi · GitHub

GLPI CVE-2022-39323

#vulnérabilité · #cve

November 7, 2022 at 9:02:40 AM GMT+1 * · permalien

https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.

#vulnérabilité

November 3, 2022 at 9:40:12 AM GMT+1 * · permalien

https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html

BREAKDOWN Realistic Pentest of a Schneider Electric Industrial Control System M221 PLC - YouTube

#vulnérabilité · #Indus

October 31, 2022 at 3:51:09 PM GMT+1 * · permalien

https://www.youtube.com/watch?v=1Ppm7dQ66-U

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

#vulnérabilité

October 31, 2022 at 3:05:30 PM GMT+1 * · permalien

https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

#vulnérabilité · #cve

October 26, 2022 at 8:42:40 AM GMT+2 * · permalien

https://thehackernews.com/2022/10/22-year-old-vulnerability-reported-in.html

Multiples vulnérabilités dans les produits SolarWinds

#vulnérabilité · #certfr

October 21, 2022 at 8:33:03 AM GMT+2 * · permalien

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-939/

Dangerous hole in Apache Commons Text – like Log4Shell all over again – Naked Security

#vulnérabilité · #opensource

October 19, 2022 at 8:39:53 AM GMT+2 * · permalien

https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/

Adobe patches critical Magento XSS that puts sites at takeover risk | The Daily Swig

#vulnérabilité · #Patching

October 18, 2022 at 8:23:05 AM GMT+2 * · permalien

https://portswigger.net/daily-swig/adobe-patches-critical-magento-xss-that-puts-sites-at-takeover-risk

Adobe Security Bulletin

#vulnérabilité · #CVE10 · #Patching

October 16, 2022 at 10:13:32 PM GMT+2 * · permalien

https://helpx.adobe.com/security/products/magento/apsb22-48.html

Zimbra remote code execution vulnerability actively exploited in the wild | The Daily Swig

The bug was assigned the tracker CVE-2022-41352 in late September. Issued a CVSS severity score of 9.8

#vulnérabilité · #opensource

October 13, 2022 at 10:38:15 AM GMT+2 * · permalien

https://portswigger.net/daily-swig/zimbra-remote-code-execution-vulnerability-actively-exploited-in-the-wild

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

#vulnérabilité · #microsoft

October 12, 2022 at 3:09:38 PM GMT+2 * · permalien

https://thehackernews.com/2022/10/microsoft-patch-tuesday-fixes-new.html?m=1

Fortinet warns admins to patch critical auth bypass bug immediately

CVE-2022-40684

#vulnérabilité · #cve

October 7, 2022 at 5:35:10 PM GMT+2 * · permalien

https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

ecurity company GTSC, which discovered the shortcom

#microsoft · #vulnérabilité

September 30, 2022 at 6:14:03 PM GMT+2 * · permalien

https://thehackernews.com/2022/09/warning-new-unpatched-microsoft.html