mercredi 13 novembre 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Microsoft Windows up to Server 2019 DirectWrite information disclosure

A vulnerability was found in Microsoft Windows (Operating System). It has been classified as problematic. Affected is an unknown code block of the component DirectWrite. Applying a patch is able to eliminate this problem. A possible mitigation...
Auteur: VulDB

Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure

A vulnerability was found in Microsoft Windows (Operating System) and classified as problematic. This issue affects an unknown code of the component Remote Procedure Call. Applying a patch is able to eliminate this problem. A possible mitigation...
Auteur: VulDB

Microsoft Windows up to Server 2019 Win32k privilege escalation

A vulnerability has been found in Microsoft Windows (Operating System) and classified as critical. This vulnerability affects an unknown part of the component Win32k. Applying a patch is able to eliminate this problem. A possible mitigation has...
Auteur: VulDB

Microsoft Windows up to Server 2019 Graphics Component memory corruption

A vulnerability, which was classified as critical, was found in Microsoft Windows (Operating System). This affects some unknown functionality of the component Graphics Component. Applying a patch is able to eliminate this problem. A possible...
Auteur: VulDB

Microsoft Windows up to Server 2019 JET Database Engine memory corruption

A vulnerability, which was classified as critical, has been found in Microsoft Windows (Operating System). Affected by this issue is an unknown functionality of the component JET Database Engine. Applying a patch is able to eliminate this...
Auteur: VulDB

Microsoft Windows up to Server 2019 UPnP Service privilege escalation

A vulnerability classified as critical was found in Microsoft Windows (Operating System). Affected by this vulnerability is an unknown function of the component UPnP Service. Applying a patch is able to eliminate this problem. A possible...
Auteur: VulDB

Microsoft Office up to 2019 information disclosure [CVE-2019-1402]

A vulnerability classified as problematic has been found in Microsoft Office up to 2019 (Office Suite Software). Affected is some unknown processing. Applying a patch is able to eliminate this problem. A possible mitigation has been published...
Auteur: VulDB

VMware Releases Security Updates

Original release date: November 12, 2019VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

Adobe Releases Security Updates

Original release date: November 12, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Auteur: US Cert

Intel Releases Security Updates

Original release date: November 12, 2019Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following...
Auteur: US Cert

Microsoft Releases November 2019 Security Updates

Original release date: November 12, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Auteur: US Cert

CERTFR-2019-AVI-551 : [SCADA] Multiples vulnérabilités dans les produits Siemens (12 novembre 2019)

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à l'intégrité des données.

Auteur: Cert FR

CERTFR-2019-AVI-553 : [SCADA] Multiples vulnérabilités dans les produits Schneider Electric (12 novembre 2019)

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la...
Auteur: Cert FR

CERTFR-2019-AVI-552 : Multiples vulnérabilités dans Squid (12 novembre 2019)

De multiples vulnérabilités ont été découvertes dans Squid. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance...
Auteur: Cert FR

CERTFR-2019-AVI-550 : Vulnérabilité dans Magento Commerce (12 novembre 2019)

Une vulnérabilité a été découverte dans Magento Commerce. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR

WSO2 IS as Key Manager 5.7.0 Content-Type download-userinfo.jag cross site scripting

A vulnerability, which was classified as problematic, was found in WSO2 IS as Key Manager 5.7.0. Affected is some unknown functionality of the file download-userinfo.jag of the component Content-Type Handler. There is no information about...
Auteur: VulDB

WSO2 IS as a Key Manager 5.7.0 Dashboard Reflected cross site scripting

A vulnerability, which was classified as problematic, has been found in WSO2 IS as a Key Manager 5.7.0. This issue affects an unknown functionality of the component Dashboard. There is no information about possible countermeasures known. It may...
Auteur: VulDB

python-psutil up to 5.6.5 refcount Double-Free memory corruption

A vulnerability classified as critical was found in python-psutil up to 5.6.5 (Programming Language Software). This vulnerability affects an unknown function of the component refcount Handler. There is no information about possible...
Auteur: VulDB

FUDForum 3.0.9 admsession.php User-Agent cross site scripting

A vulnerability classified as problematic has been found in FUDForum 3.0.9 (Forum Software). This affects some unknown processing of the file admsession.php. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

GNU Mailutils up to 3.7 maidag privilege escalation

A vulnerability was found in GNU Mailutils up to 3.7. It has been rated as critical. Affected by this issue is an unknown code block of the component maidag. Upgrading to version 3.8 eliminates this vulnerability.
Auteur: VulDB

darylldoyle svg-sanitizer up to 0.11.x Attribute Whitespace cross site scripting

A vulnerability was found in darylldoyle svg-sanitizer up to 0.11.x. It has been declared as problematic. Affected by this vulnerability is an unknown code of the component Attribute Handler. Upgrading to version 0.12.0 eliminates this...
Auteur: VulDB

SVG Sanitizer Module up to 8.x-1.0-alpha1 on Drupal denial of service

A vulnerability was found in SVG Sanitizer Module up to 8.x-1.0-alpha1 on Drupal. It has been classified as problematic. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

safe-svg up to 1.9.4 on WordPress Attribute denial of service

A vulnerability was found in safe-svg up to 1.9.4 on WordPress (WordPress Plugin) and classified as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

safe-svg up to 1.9.4 on WordPress String Recursion denial of service

A vulnerability has been found in safe-svg up to 1.9.4 on WordPress (WordPress Plugin) and classified as problematic. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

ImageMagick up to 7.0.8 SVG coders/svg.c denial of service

A vulnerability, which was classified as problematic, was found in ImageMagick up to 7.0.8 (Image Processing Software). This affects an unknown function of the file coders/svg.c of the component SVG Handler. Upgrading to version 7.0.9-0...
Auteur: VulDB
12345678910Last

Événements SSI

BLOCKCHAIN

Conférence et exposition sur les applications d'entreprise de la blockchain à Paris, cité universitaire internationale, les 13 et 14 novembre 2019. Organisés par Corp Agency.

TRUSTECH

Cet événement international dédié aux paiements, à l'identification et à la sécurité est organisé à Cannes (palais des festivals) du 26 au 28 novembre 2019. Organisé par Comexposium.

FIC

Ayant pour thème cette année "Replacer l'humain au coeur de la cybersécurité", le Forum International de la Cybersécurité occupe les 28, 29 et 30 janvier 2020 le Grand Palais de Lille. Organisé par la Région Hauts-de-France et Euratechnologies, la Gendarmerie Nationale et CEIS.

RSS