Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2018-09-12 05:39:04 |
Address Bar Spoofing Flaw Found in Edge, Safari (lien direct) |
A researcher has discovered an address bar spoofing vulnerability in the Microsoft Edge and Apple Safari web browsers, but a patch is currently only available for the former.
|
Vulnerability
|
|
|
|
2018-09-11 18:04:05 |
SAP Patches Critical Vulnerability in Business Client (lien direct) |
SAP today released its September 2018 set of patches to address a total of 14 vulnerabilities in its products, including a critical bug in SAP Business Client.
|
Vulnerability
|
|
|
|
2018-09-10 20:04:05 |
Zerodium Discloses Flaw That Allows Code Execution in Tor Browser (lien direct) |
Exploit acquisition firm Zerodium has disclosed a NoScript vulnerability that can be exploited to execute arbitrary JavaScript code in the Tor Browser even if the maximum security level is used.
|
Vulnerability
|
|
|
|
2018-09-10 15:02:04 |
VPN Firms Release New Patches for Privilege Escalation Flaw (lien direct) |
Virtual private network (VPN) service providers ProtonVPN and NordVPN have made another attempt to patch a potentially serious privilege escalation vulnerability that they first tried to address a few months ago.
|
Vulnerability
|
|
|
|
2018-09-06 11:25:04 |
Flaw in Schneider PLC Allows Significant Disruption to ICS (lien direct) |
A vulnerability discovered in some of Schneider Electric's Modicon programmable logic controllers (PLCs) may allow malicious actors to cause significant disruption to industrial control systems (ICS).
|
Vulnerability
|
|
|
|
2018-09-05 15:08:02 |
Windows Zero-Day Exploited in Targeted Attacks by \'PowerPool\' Group (lien direct) |
A threat group tracked by security firm ESET as “PowerPool” has been exploiting a Windows zero-day vulnerability to elevate the privileges of a backdoor in targeted attacks.
|
Vulnerability
Threat
|
|
|
|
2018-09-04 10:22:05 |
(Déjà vu) Oracle Products Affected by Exploited Apache Struts Flaw (lien direct) |
Oracle informed customers over the weekend that some of the company's products are affected by a critical Apache Struts 2 vulnerability that has been exploited in the wild.
|
Vulnerability
|
|
|
|
2018-08-31 14:29:04 |
Critical Vulnerability Patched in PHP Package Repository (lien direct) |
A critical remote code execution vulnerability was recently addressed in packagist.org |
Vulnerability
|
|
|
|
2018-08-28 14:07:03 |
Critical Apache Struts Vulnerability Exploited in Live Attacks (lien direct) |
A Critical remote code execution vulnerability in Apache Struts 2 that was patched last week is already being abused in malicious attacks, threat intelligence firm Volexity warns.
|
Vulnerability
Threat
|
|
★★
|
|
2018-08-28 11:21:03 |
Exploit Published for Windows Task Scheduler Zero-Day (lien direct) |
Details of an unpatched vulnerability in Microsoft's Windows 10 operating system were made public on Monday, via Twitter.
|
Vulnerability
|
|
|
|
2018-08-27 09:52:02 |
(Déjà vu) Exploit for Recent Critical Apache Struts Vulnerability Published (lien direct) |
Exploit code for a |
Vulnerability
|
|
|
|
2018-08-20 13:40:00 |
Vulnerability in IP Relay Service Impacts Major Canadian ISPs (lien direct) |
A recently addressed local file disclosure vulnerability in the SOLEO IP Relay service impacted nearly all major Internet service providers (ISPs) in Canada, a security researcher has discovered.
|
Vulnerability
|
|
|
|
2018-08-09 05:18:03 |
Flaw in BIND Security Feature Allows DoS Attacks (lien direct) |
The Internet Systems Consortium (ISC) revealed on Wednesday that the BIND DNS software is affected by a serious vulnerability that can be exploited for denial-of-service (DoS) attacks.
|
Vulnerability
|
|
|
|
2018-08-07 14:39:00 |
\'SegmentSmack\' Flaw in Linux Kernel Allows Remote DoS Attacks (lien direct) |
A vulnerability in the Linux kernel can allow a remote attacker to trigger a denial-of-service (DoS) condition by sending specially crafted packets to the targeted system. The flaw could impact many companies.
|
Vulnerability
|
|
★★★★★
|
|
2018-07-25 14:13:03 |
Researchers Resurrect Decade-Old Oracle Solaris Vulnerability (lien direct) |
One of the Solaris vulnerabilities patched by Oracle with its July 2018 Critical Patch Update (CPU) exists due to an ineffective fix implemented by the company for a flaw first discovered in 2007.
|
Vulnerability
|
|
|
|
2018-07-20 17:22:05 |
Microsoft Addresses Serious Vulnerability in Translator Hub (lien direct) |
A serious vulnerability in the Microsoft Translator Hub could be exploited to delete any or all of the 13000+ projects hosted by the service, a security researcher has discovered.
|
Vulnerability
|
|
|
|
2018-07-20 10:57:03 |
Adobe Patches Vulnerability Affecting Internal Systems (lien direct) |
Adobe has patched what researchers describe as a potentially serious security issue in its internal systems, but the company has downplayed the impact of the vulnerability.
|
Vulnerability
|
|
|
|
2018-07-19 09:28:05 |
ABB to Patch Code Execution Flaw in HMI Tool (lien direct) |
Swiss industrial tech company ABB is working on a patch for a serious arbitrary code execution vulnerability affecting one of its engineering tools.
|
Tool
Vulnerability
|
|
|
|
2018-07-18 18:18:05 |
Vulnerability or Not? Pen Tester Quarrels With Software Maker (lien direct) |
|
Vulnerability
|
|
|
|
2018-06-27 11:25:02 |
Unpatched WordPress Flaw Leads to Site Takeover, Code Execution (lien direct) |
A file deletion vulnerability that remains unpatched 7 months after being reported allows for the complete takeover of WordPress sites and for arbitrary code execution.
|
Vulnerability
|
|
|
|
2018-06-27 04:50:05 |
Cisco ASA Flaw Exploited in DoS Attacks (lien direct) |
Cisco has informed users that a recently patched vulnerability affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software has been exploited in denial-of-service (DoS) attacks.
|
Vulnerability
Threat
|
|
|
|
2018-06-25 09:04:01 |
Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors (lien direct) |
In April, at SecurityWeek's ICS Cyber Security Conference in Singapore, industrial cybersecurity firm Applied Risk disclosed the details of a serious denial-of-service (DoS) vulnerability affecting safety controllers from several major vendors.
|
Vulnerability
|
|
|
|
2018-06-22 17:19:05 |
"Wavethrough" Bug in Microsoft Edge Leaks Sensitive Information (lien direct) |
A security vulnerability |
Vulnerability
|
|
|
|
2018-06-22 12:21:02 |
Hackers Exploit Drupal Flaw for Monero Mining (lien direct) |
Network attacks exploiting a recently patched Drupal vulnerability are attempting to drop Monero mining malware onto vulnerable systems, Trend Micro reports.
|
Malware
Vulnerability
|
|
|