CVE-2019-1472
published 2019-12-10CVE-2019-1472: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.
Affected
64 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
GHSA
GHSA-mfg7-82qv-5fc4: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur
ghsa_unreviewed·2022-05-24·CVSS 5.5
CVE-2019-1472 [MEDIUM] GHSA-mfg7-82qv-5fc4: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.
GHSA
GHSA-5fwm-qx75-j28q: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur
ghsa_unreviewed·2022-05-24·CVSS 5.5
CVE-2019-1474 [MEDIUM] GHSA-5fwm-qx75-j28q: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.
Microsoft
Windows Kernel Information Disclosure Vulnerability
vendor_msrc·2019-12-10·CVSS 5.5
CVE-2019-1472 [MEDIUM] Windows Kernel Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
FAQ: What type of information could be disclosed by this vul
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here .
## Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight b
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight below.
CVE-2019-1468 is a remote code execution vulnerability in the Windows font libr
Bugzilla
CVE-2019-11470 ImageMagick: denial of service in cineon parsing component
bugzilla·2019-05-08·CVSS 6.5
CVE-2019-11470 [MEDIUM] CVE-2019-11470 ImageMagick: denial of service in cineon parsing component
CVE-2019-11470 ImageMagick: denial of service in cineon parsing component
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to
cause a denial-of-service (uncontrolled resource consumption) by crafting a
Cineon image with an incorrect claimed image size. This occurs because
ReadCINImage in coders/cin.c lacks a check for insufficient image data in a
file.
Reference:
https://github.com/ImageMagick/ImageMagick/issues/1472
Upstream commit:
https://github.com/ImageMagick/ImageMagick/commit/e3cdce6fe12193f235b8c0ae5efe6880a25eb957
Discussion:
Created GraphicsMagick tracking bugs for this issue:
Affects: fedora-all [bug 1707774]
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1707773]
---
Created GraphicsMagick tracking bugs for this is
2019-12-10
Published