Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-12-04 15:31:15 |
VMware Rolls a Fix for Formerly Critical Zero-Day Bug (direct link) |
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important." |
Vulnerability
|
|
|
|
2020-11-20 15:11:25 |
Facebook Messenger Bug Allows Spying on Android Users (direct link) |
The company patched a vulnerability that could connect video and audio calls without the knowledge of the person receiving them. |
Vulnerability
|
|
|
|
2020-11-19 21:34:25 |
German COVID-19 Contact-Tracing Vulnerability Allowed RCE (direct link) |
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. |
Vulnerability
|
|
|
|
2019-05-14 12:58:02 |
(Déjà vu) WhatsApp Zero-Day Exploited in Targeted Spyware Attacks (direct link) |
WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones. |
Vulnerability
|
|
|
|
2019-04-26 19:44:05 |
Users Urged to Disable WordPress Plugin After Unpatched Flaw Disclosed (direct link) |
Yet another WordPress plugin vulnerability has put thousands of websites at risk. |
Vulnerability
|
|
★★★★★
|
|
2019-04-11 17:19:04 |
WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited (direct link) |
A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild. |
Vulnerability
|
|
|
|
2019-03-29 16:26:00 |
Magento Patches Critical SQL Injection and RCE Vulnerabilities (direct link) |
Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site. |
Vulnerability
|
|
|
|
2019-03-26 13:54:01 |
Apple iOS 12.2 Patches 51 Serious Flaws (direct link) |
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in WebKit and a vulnerability that allows apps to secretly listen to users. |
Vulnerability
|
|
|
|
2019-03-19 15:26:04 |
Researcher Says NSA's Ghidra Tool Can Be Used for RCE (direct link) |
Researchers have released a proof-of-concept showing how an XXE vulnerability can be exploited to attack Ghidra project users. |
Tool
Vulnerability
|
|
|
|
2019-03-15 14:46:05 |
Unpatched Fujitsu Wireless Keyboard Bug Allows Keystroke Injection (direct link) |
An unpatched high-severity vulnerability allows keystroke injections in Fujitsu wireless keyboards. |
Vulnerability
|
|
|
|
2019-03-14 15:56:00 |
Cisco Patches Critical 'Default Password' Bug (direct link) |
Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware. |
Vulnerability
|
|
|
|
2019-03-05 14:00:01 |
RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure (direct link) |
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module. |
Vulnerability
|
|
|
|
2019-03-01 20:22:04 |
Adobe Patches Critical ColdFusion Vulnerability With Active Exploit (direct link) |
Adobe has hurried out a patch for a critical arbitrary code execution vulnerability in its ColdFusion product. |
Vulnerability
|
|
|
|
2019-02-27 16:42:03 |
Cisco Patches High-Severity Webex Vulnerability For Third Time (direct link) |
Third time's hopefully a charm for Cisco, which has patched a high-severity flaw once again in its Webex video conferencing platform. |
Vulnerability
|
|
|
|
2019-02-26 18:46:01 |
'Cloudborne' IaaS Attack Allows Persistent Backdoors in the Cloud (direct link) |
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks. |
Vulnerability
|
|
|
|
2019-02-26 14:51:00 |
Critical WinRAR Flaw Found Actively Being Exploited (direct link) |
The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January. |
Spam
Vulnerability
|
|
|
|
2019-02-21 17:05:03 |
Adobe Re-Patches Critical Acrobat Reader Flaw (direct link) |
Adobe has issued yet another patch for a critical vulnerability in its Acrobat Reader - a week after the original fix. |
Vulnerability
|
|
|
|
2019-02-12 18:28:04 |
Major Container Security Flaw Threatens Cascading Attacks (direct link) |
A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks. |
Vulnerability
|
Uber
|
|
|
2019-02-08 15:31:04 |
FireOS Flaw Allowed Limited Content Injection in Amazon Tablets (direct link) |
A vulnerability in FireOS, the Amazon Fire Tablet's operating system, has been patched. |
Vulnerability
|
|
|
|
2019-02-06 15:24:05 |
Microsoft Confirms Serious 'PrivExchange' Vulnerability (direct link) |
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator. |
Vulnerability
|
|
|
|
2019-01-23 12:00:03 |
Microsoft Windows RCE Flaw Gets Temporary Micropatch (direct link) |
0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8. |
Vulnerability
|
|
|
|
2019-01-18 19:58:01 |
Fallout EK Retools for a Fresh New 2019 Look (direct link) |
The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups. |
Vulnerability
|
|
|
|
2019-01-09 22:33:04 |
Critical Flaw in Cisco's Email Security Appliance Enables 'Permanent DoS' (direct link) |
A remote attacker could exploit the vulnerability simply by sending an email. |
Vulnerability
|
|
|
|
2018-12-24 17:28:01 |
Critical Bug Patched in Schneider Electric Vehicle Charging Station (direct link) |
Vulnerability in electric car charging stations could allow attackers to compromise devices. |
Vulnerability
|
|
|
|
2018-12-05 15:18:00 |
Adobe Patches Zero-Day Vulnerability in Flash Player (direct link) |
The vulnerability could lead to arbitrary code execution. |
Vulnerability
Guideline
|
|
|
|
2018-11-29 16:11:05 |
Cisco Patches Critical Bug in License Management Tool (direct link) |
The vulnerability could allow an attacker to execute arbitrary SQL queries. |
Tool
Vulnerability
|
|
|
|
2018-11-20 20:49:03 |
Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS (direct link) |
Adobe issues patch for a Flash Player vulnerability that could lead to arbitrary code execution on targeted systems. |
Vulnerability
Guideline
|
|
|
|
2018-11-16 17:57:00 |
Critical WordPress Flaw Grants Admin Access to Any Registered Site User (direct link) |
The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. |
Vulnerability
|
|
★★★★★
|
|
2018-11-13 22:10:04 |
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2 (direct link) |
Microsoft's November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack. |
Vulnerability
|
|
|
|
2018-11-07 16:33:05 |
WordPress Flaw Opens Millions of WooCommerce Shops to Takeover (direct link) |
A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce. |
Vulnerability
|
|
|
|
2018-11-06 13:27:01 |
Apache Struts Warns Users of Two-Year-Old Vulnerability (direct link) |
Users must update their vulnerable libraries manually. |
Vulnerability
|
|
|
|
2018-11-01 15:20:00 |
Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack (direct link) |
Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies. |
Vulnerability
|
|
|
|
2018-10-11 20:24:05 |
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors (direct link) |
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. |
Vulnerability
|
|
|
|
2018-10-09 21:24:05 |
Microsoft Patches Zero-Day Under Active Attack by APT (direct link) |
A zero-day vulnerability tied to the Windows Win32k component is under active attack, warns Microsoft. |
Vulnerability
|
|
|
|
2018-10-02 16:47:03 |
Google Patches Critical Vulnerabilities in Android OS (direct link) |
The most dire vulnerability targets the Android framework and could allow an adversary to execute arbitrary code on targeted devices. |
Vulnerability
|
|
|
|
2018-09-27 16:00:02 |
Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access (direct link) |
Researchers said the vulnerability "is very easy to exploit." |
Vulnerability
|
|
|
|
2018-09-21 22:01:02 |
Critical Vulnerability Found in Cisco Video Surveillance Manager (direct link) |
Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems. |
Vulnerability
|
|
|
|
2018-09-20 16:10:04 |
Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE (direct link) |
Vulnerability allowed an unauthenticated remote attacker to log in to a device at the time the system initially boots up. |
Vulnerability
|
|
|
|
2018-09-19 16:54:02 |
Critical Out-of-Band Patch Issued for Adobe Acrobat Reader (direct link) |
Overall seven flaws were patched - including one critical vulnerability that could lead to arbitrary code execution. |
Vulnerability
Guideline
|
|
|
|
2018-09-13 19:26:04 |
ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery (direct link) |
The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution. |
Malware
Vulnerability
|
|
|
|
2018-09-05 17:03:00 |
The Vulnerability Disclosure Process: Still Broken (direct link) |
Despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits. |
Vulnerability
|
|
|