Security News

Below you will find links to the latest publications from the RSS feeds of ANSSI and CERT-FR for French speakers, and of Packet Storm, SecurityFocus and nvd.nist.gov for English speakers.

Agence nationale de la sécurité des systèmes d’information – ANSSI

CERT-FR

Packet Storm

  • Dell Customer Connect 1.3.28.0 Privilege Escalation
    Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.
  • OpenText Documentum Content Server SQL Injection
    OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leverag …
  • Ubuntu Security Notice USN-3266-2
    Ubuntu Security Notice 3266-2 – USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubun …
  • Ubuntu Security Notice USN-3265-1
    Ubuntu Security Notice 3265-1 – It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of se …
  • Ubuntu Security Notice USN-3265-2
    Ubuntu Security Notice 3265-2 – USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from …
  • Ubuntu Security Notice USN-3266-1
    Ubuntu Security Notice 3266-1 – Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this …
  • Ubuntu Security Notice USN-3264-2
    Ubuntu Security Notice 3264-2 – USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from …
  • Ubuntu Security Notice USN-3267-1
    Ubuntu Security Notice 3267-1 – Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exporte …
  • Ubuntu Security Notice USN-3268-1
    Ubuntu Security Notice 3268-1 – Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a de …
  • Ubuntu Security Notice USN-3264-1
    Ubuntu Security Notice 3264-1 – Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this …

SecurityFocus Vulnerabilities

US National Vulnerability Database (nvd.nist.gov)

  • CVE-2017-5047
    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a …
  • CVE-2017-5049
    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a …
  • CVE-2017-5051
    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a …
  • CVE-2017-5050
    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a …
  • CVE-2017-5048
    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a …
  • CVE-2017-5030
    Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a c …
  • CVE-2017-5034
    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
  • CVE-2017-8106
    The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) vi …