Sunday 17 November 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Reminder: Malware Can Exploit Improper Configurations

Original release date: November 15, 2019

Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so in addition to maintaining regular patch...
Author: US Cert

CERTFR-2019-AVI-574: Multiple vulnerabilities in F5 BIG-IP (15 November 2019)

Multiple vulnerabilities have been discovered in F5 BIG-IP. They allow an attacker to cause a remote denial of service, a security policy bypass and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-573: Multiple vulnerabilities in Fortinet FortiOS (15 November 2019)

Multiple vulnerabilities have been discovered in Fortinet FortiOS. They allow an attacker to cause remote arbitrary code execution, a breach of data integrity and a breach of the confidentiality of...
Author: Cert FR

CERTFR-2019-AVI-572: Multiple vulnerabilities in Symantec products (15 November 2019)

Multiple vulnerabilities have been discovered in Symantec products. They allow an attacker to cause arbitrary code execution, a security policy bypass and a privilege escalation.

Author: Cert FR

Adobe Illustrator CC up to 23.1 Code Execution memory corruption

A vulnerability was found in Adobe Illustrator CC up to 23.1 and classified as critical. Affected by this issue is an unknown code. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Illustrator CC up to 23.1 Code Execution memory corruption

A vulnerability has been found in Adobe Illustrator CC up to 23.1 and classified as critical. Affected by this vulnerability is an unknown part. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in Adobe Media Encoder up to 13.1. Affected is some unknown functionality. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in Adobe Media Encoder up to 13.1. This issue affects an unknown functionality. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability classified as critical was found in Adobe Media Encoder up to 13.1. This vulnerability affects an unknown function. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability classified as critical has been found in Adobe Media Encoder up to 13.1. This affects some unknown processing. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability was found in Adobe Media Encoder up to 13.1. It has been rated as critical. Affected by this issue is an unknown code block. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Bridge CC up to 9.1 memory corruption [CVE-2019-8240]

A vulnerability was found in Adobe Bridge CC up to 9.1. It has been declared as critical. Affected by this vulnerability is an unknown code. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Bridge CC up to 9.1 memory corruption [CVE-2019-8239]

A vulnerability was found in Adobe Bridge CC up to 9.1. It has been classified as critical. Affected is an unknown part. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Illustrator CC up to 23.1 Library Loader privilege escalation

A vulnerability was found in Adobe Illustrator CC up to 23.1 and classified as critical. This issue affects some unknown functionality of the component Library Loader. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Animate CC up to 19.2.1 Library Loader privilege escalation

A vulnerability has been found in Adobe Animate CC up to 19.2.1 and classified as critical. This vulnerability affects an unknown functionality of the component Library Loader. Applying a patch is able to eliminate this problem.
Author: VulDB

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 API weak authentication

A vulnerability, which was classified as critical, was found in Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656. This affects an unknown function of the component API. There is no information about possible countermeasures known....
Author: VulDB

rack-cors Gem up to 1.0.3 on Ruby directory traversal [CVE-2019-18978]

A vulnerability, which was classified as critical, has been found in rack-cors Gem up to 1.0.3 on Ruby. Affected by this issue is some unknown processing. Upgrading to version 1.0.4 eliminates this vulnerability.
Author: VulDB

MicroStrategy up to 11.1.2 Library Reflected cross site scripting

A vulnerability classified as problematic was found in MicroStrategy up to 11.1.2. Affected by this vulnerability is an unknown code block of the component Library. Upgrading to version 11.1.3 eliminates this vulnerability.
Author: VulDB

SnowHaze up to 2.6.5 cross site scripting [CVE-2019-18949]

A vulnerability classified as problematic has been found in SnowHaze up to 2.6.5. Affected is an unknown code. Upgrading to version 2.6.6 eliminates this vulnerability.
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface exec.cgi HTTP POST Request Remote Code Execution

A vulnerability was found in eQ-3 Homematic CCU2 and Homematic CCU3 (unknown version). It has been rated as critical. This issue affects an unknown part of the file exec.cgi of the component Web Interface. There is no information about possible...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface save.cgi Code Execution

A vulnerability was found in eQ-3 Homematic CCU2 and Homematic CCU3 (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown functionality of the file save.cgi of the component Web Interface....
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface exec.cgi HTTP POST Request Code Execution

A vulnerability was found in eQ-3 Homematic CCU2 and Homematic CCU3 (the affected version unknown). It has been classified as critical. This affects an unknown functionality of the file exec.cgi of the component Web Interface. There is no...
Author: VulDB

Scanguard up to 2019-11-12 on Windows privilege escalation [CVE-2019-18895]

A vulnerability was found in Scanguard up to 2019-11-12 on Windows and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Linux Kernel up to 5.0 fs/btrfs/volumes.c denial of service

A vulnerability has been found in Linux Kernel up to 5.0 (Operating System) and classified as problematic. Affected by this vulnerability is some unknown processing of the file fs/btrfs/volumes.c. Upgrading to version 5.1 eliminates this...
Author: VulDB

3xLogic Infinias Access Control up to 6.6.9586.0 cross site request forgery

A vulnerability, which was classified as problematic, was found in 3xLogic Infinias Access Control up to 6.6.9586.0. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Information security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
