Saturday 16 November 2019

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Symantec Endpoint Protection Manager up to 14.2 privilege escalation

A vulnerability classified as critical was found in Symantec Endpoint Protection Manager up to 14.2. This vulnerability affects an unknown code. Applying the patch 14.2 RU1 is able to eliminate this problem.
Author: VulDB

NSS up to 3.25 denial of service [CVE-2016-5285]

A vulnerability classified as problematic has been found in NSS up to 3.25. This affects the function K11_SignWithSymKey/ssl3_ComputeRecordMACConstantTime. Upgrading to version 3.26 eliminates this vulnerability. A possible mitigation has been...
Author: VulDB

openshift Install Script Code Execution [CVE-2014-0023]

A vulnerability was found in openshift (affected version not known). It has been rated as critical. Affected by this issue is some unknown functionality of the component Install Script. There is no information about possible countermeasures...
Author: VulDB

Chrony up to 1.29.0 cmdmon Protocol Amplification privilege escalation

A vulnerability was found in Chrony up to 1.29.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component cmdmon Protocol Handler. Upgrading to version 1.29.1 eliminates this vulnerability. A...
Author: VulDB

ClamAV up to 0.97.6 dbg_printhex information disclosure

A vulnerability was found in ClamAV up to 0.97.6. It has been classified as problematic. Affected is the function dbg_printhex. Upgrading to version 0.97.7 eliminates this vulnerability. A possible mitigation has been published even before and...
Author: VulDB

ClamAV up to 0.97.6 libclamav Code Execution memory corruption

A vulnerability was found in ClamAV up to 0.97.6 and classified as critical. This issue affects some unknown processing of the component libclamav. Upgrading to version 0.97.7 eliminates this vulnerability. A possible mitigation has been...
Author: VulDB

ClamAV up to 0.97.6 WWPack Heap-based memory corruption

A vulnerability has been found in ClamAV up to 0.97.6 and classified as critical. This vulnerability affects an unknown code block of the component WWPack. Upgrading to version 0.97.7 eliminates this vulnerability. A possible mitigation has been...
Author: VulDB

Perdition up to 2.1 IMAP Server/POP Server ssl_outgoing_ciphers weak encryption

A vulnerability, which was classified as problematic, was found in Perdition up to 2.1. This affects the function ssl_outgoing_ciphers of the component IMAP Server/POP Server. Upgrading to version 2.2 eliminates this vulnerability.
Author: VulDB

qtnx 0.9 Configuration File Key information disclosure

A vulnerability, which was classified as problematic, has been found in qtnx 0.9. Affected by this issue is an unknown part of the component Configuration File. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ax25-tools up to 0.0.8-12 AX.25 Daemon setuid() Return Value privilege escalation

A vulnerability classified as critical was found in ax25-tools up to 0.0.8-12. Affected by this vulnerability is the function setuid() of the component AX.25 Daemon. Upgrading to version 0.0.8-13 eliminates this vulnerability.
Author: VulDB

Drupal 7.0/7.1/7.2/7.3/7.4 File Upload directory traversal

A vulnerability classified as critical has been found in Drupal 7.0/7.1/7.2/7.3/7.4. Affected is an unknown functionality of the component File Upload. Upgrading to version 7.5 eliminates this vulnerability.
Author: VulDB

gksu-polkit up to 0.0.2 xauth privilege escalation

A vulnerability was found in gksu-polkit up to 0.0.2. It has been rated as critical. This issue affects an unknown function of the component xauth. Upgrading to version 0.0.3 eliminates this vulnerability.
Author: VulDB

Jetty up to 6.1.21 Cookie Dump Servlet /test/cookie/ privilege escalation

A vulnerability was found in Jetty up to 6.1.21. It has been declared as critical. This vulnerability affects some unknown processing of the file /test/cookie/ of the component Cookie Dump Servlet. Upgrading to version 6.1.22 eliminates this...
Author: VulDB

Reminder: Malware Can Exploit Improper Configurations

Original release date: November 15, 2019
Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so in addition to maintaining regular patch...
Author: US Cert

CERTFR-2019-AVI-574: Multiple vulnerabilities in F5 BIG-IP (15 November 2019)

Multiple vulnerabilities have been discovered in F5 BIG-IP. They allow an attacker to cause a remote denial of service, a security policy bypass and a breach of data confidentiality.
Author: Cert FR

CERTFR-2019-AVI-573: Multiple vulnerabilities in Fortinet FortiOS (15 November 2019)

Multiple vulnerabilities have been discovered in Fortinet FortiOS. They allow an attacker to cause remote arbitrary code execution, a breach of data integrity and a breach of the confidentiality of...
Author: Cert FR

CERTFR-2019-AVI-572: Multiple vulnerabilities in Symantec products (15 November 2019)

Multiple vulnerabilities have been discovered in Symantec products. They allow an attacker to cause arbitrary code execution, a security policy bypass and a privilege escalation.
Author: Cert FR

Adobe Illustrator CC up to 23.1 Code Execution memory corruption

A vulnerability was found in Adobe Illustrator CC up to 23.1 and classified as critical. Affected by this issue is an unknown code. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Illustrator CC up to 23.1 Code Execution memory corruption

A vulnerability has been found in Adobe Illustrator CC up to 23.1 and classified as critical. Affected by this vulnerability is an unknown part. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in Adobe Media Encoder up to 13.1. Affected is some unknown functionality. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in Adobe Media Encoder up to 13.1. This issue affects an unknown functionality. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability classified as critical was found in Adobe Media Encoder up to 13.1. This vulnerability affects an unknown function. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability classified as critical has been found in Adobe Media Encoder up to 13.1. This affects some unknown processing. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Media Encoder up to 13.1 Out-of-Bounds memory corruption

A vulnerability was found in Adobe Media Encoder up to 13.1. It has been rated as critical. Affected by this issue is an unknown code block. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Bridge CC up to 9.1 memory corruption [CVE-2019-8240]

A vulnerability was found in Adobe Bridge CC up to 9.1. It has been declared as critical. Affected by this vulnerability is an unknown code. Applying a patch is able to eliminate this problem.
Author: VulDB

Information security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.