Emergency Response Archives - Página 72 de 90

TortoiseSVN Remote Code Execution Vulnerability (CVE-2019-14422) Threat Alert

Por NSFOCUSPostou 3 de setembro de 2019

Overview On August 13, local time, a researcher from a vulnerability laboratory (vxrl team) disclosed a remote code execution vulnerability (CVE-2019-14422) in TortoiseSVN. The URI handler of TortoiseSVN (Tsvncmd:) allows a customized diff operation on Excel workbooks. This vulnerability could be used to open remote workbooks without protection from macro...

Hacker in hoodie with computer code background.

Ghostscript -dSAFER Multiple Sandbox Bypass Vulnerabilities Threat Alert

Por NSFOCUSPostou 2 de setembro de 2019

Vulnerability Description On August 28, 2019, Artifex submitted "Bug 701446: Avoid divide by zero in shading" on the master branch of Ghostscript and announced remediation of four -dSAFER sandbox bypass vulnerabilities. -dSAFER is a security sandbox used by Ghostscript for prevention of insecure PostScript operations. (mais…)

Ghostscript -dSAFER Sandbox Bypass Vulnerability (CVE-2019-10216) Threat Alert

Por NSFOCUSPostou 30 de agosto de 2019

Overview Recently, Ghostscript announced the discovery of the -dSAFER sandbox bypass vulnerability (CVE-2019-10216). The .buildfont1 procedure in Ghostscript does not properly restrict privileged calls, which allows attackers to escalate privileges and access files beyond the restricted domain. (mais…)

Adobe Security Bulletins for August 2019 Security Updates Threat Alert

Por NSFOCUSPostou 26 de agosto de 2019

Overview On August 13, 2019, local time, Adobe officially released August's security updates to fix multiple vulnerabilities in its various products, including Adobe Photoshop CC , Adobe Experience Manager, Adobe Acrobat and Reader, Adobe Creative Cloud Desktop Application, Adobe Prelude CC, Adobe Premiere Pro CC, Adobe Character Animator CC, and Adobe After Effects CC....

Illustration of a web browser with a magnifying glass symbolizing search.

Microsoft’s Security Patches for August Fix 95 Security Vulnerabilities Threat Alert

Por NSFOCUSPostou 20 de agosto de 2019

OverviewÂ Microsoft released August 2019 security patches on Tuesday that fix 95 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, HTTP/2, Microsoft Bluetooth Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft...

Abstract geometric digital shapes and patterns.

KDE Frameworks Command Execution Vulnerability (CVE-2019-14744) Threat Alert

Por NSFOCUSPostou 19 de agosto de 2019

Overview Recently, a security researcher took to Twitter to disclose a KDE Frameworks command injection vulnerability, which stems from the KDesktopfile class handling .desktop, .directory, and configuration files. An attacker could create malicious files of these types, which, once being viewed with the KDE file viewer, could trigger the vulnerability,...