jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Snapdragon Mobile/Wear up to Snapdragon_High_Med_2016 UIM API information disclosure

A vulnerability, which was classified as problematic, was found in Snapdragon Mobile and Wear. This affects a function of the component UIM API. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is...
Auteur: VulDB

Snapdragon Automobile/Mobile/Wear up to SDX24 TEE privilege escalation

A vulnerability, which was classified as critical, has been found in Snapdragon Automobile, Mobile and Wear. Affected by this issue is some functionality of the component TEE Handler. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Snapdragon Automobile/Mobile/Wear up to SDX24 Register privilege escalation

A vulnerability classified as critical was found in Snapdragon Automobile, Mobile and Wear. Affected by this vulnerability is the functionality of the component Register Handler. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Foxit Reader/PhantomPDF up to 9.3 on Windows tiff Parser TIFF Data Out-of-Bounds memory corruption

A vulnerability was found in Foxit Reader and PhantomPDF up to 9.3 on Windows. It has been declared as critical. This vulnerability affects a code block of the component tiff Parser. The manipulation as part of a TIFF Data leads to a memory...
Auteur: VulDB

Foxit Reader/PhantomPDF up to 9.3 on Windows PDF Parser NULL Pointer Dereference denial of service

A vulnerability was found in Foxit Reader and PhantomPDF up to 9.3 on Windows. It has been classified as problematic. This affects code of the component PDF Parser. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

Foxit Reader/PhantomPDF up to 9.3 on Windows Image Data Crash denial of service

A vulnerability was found in Foxit Reader and PhantomPDF up to 9.3 on Windows and classified as problematic. Affected by this issue is a part of the component Image Data Handler. The manipulation with an unknown input leads to a denial of...
Auteur: VulDB

Zoho ManageEngine ADSelfService Plus up to 5.x Server-Side Request Forgery

A vulnerability has been found in Zoho ManageEngine ADSelfService Plus up to 5.x and classified as critical. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Auteur: VulDB

Linux Kernel up to 4.19.13 CAN Frame net/can/gw.c can_can_gw_rcv can_dlc denial of service

A vulnerability, which was classified as critical, was found in Linux Kernel up to 4.19.13. Affected is the function can_can_gw_rcv of the file net/can/gw.c of the component CAN Frame Handler. The manipulation of the argument can_dlc with an...
Auteur: VulDB

Sqla_yaml_fixtures 0.9.1 sqla_yaml_fixtures.load fixture_text Code Execution

A vulnerability, which was classified as problematic, has been found in Sqla_yaml_fixtures 0.9.1. This issue affects the function sqla_yaml_fixtures.load. The manipulation of the argument fixture_text as part of a Argument leads to a privilege...
Auteur: VulDB

Technicolor MediaAccess TG789vac v2 HP v16.3.7190-2761005-20161004084353 Admin Web Interface Referer Header cross site scripting

A vulnerability classified as problematic was found in Technicolor MediaAccess TG789vac v2 HP v16.3.7190-2761005-20161004084353. This vulnerability affects the functionality of the component Admin Web Interface. The manipulation as part of a...
Auteur: VulDB

Webroot BrightCloud SDK Header bc_http_read_header HTTP Header memory corruption

A vulnerability classified as critical has been found in Webroot BrightCloud SDK (the affected version unknown). This affects the function bc_http_read_header of the component Header Handler. The manipulation as part of a HTTP Header leads to a...
Auteur: VulDB

Telegram 4.9.0 on Android Secret Chat Stored information disclosure

A vulnerability was found in Telegram 4.9.0 on Android. It has been rated as problematic. Affected by this issue is some processing of the component Secret Chat. The manipulation with an unknown input leads to a information disclosure...
Auteur: VulDB

Zoho ManageEngine ADSelfService Plus up to 5.x Product License XML External Entity

A vulnerability was found in Zoho ManageEngine ADSelfService Plus up to 5.x. It has been declared as critical. Affected by this vulnerability is a code block of the component Product License Handler. The manipulation with an unknown input leads...
Auteur: VulDB

Reporting Addon up to 6.10.x on CUBA Platform name Persistent cross site scripting

A vulnerability was found in Reporting Addon up to 6.10.x on CUBA Platform. It has been classified as problematic. Affected is code of the component Reporting. The manipulation of the argument name with an unknown input leads to a cross site...
Auteur: VulDB

poppler 0.72.0 PDF File PDFDoc.cc PDFDoc::setup denial of service

A vulnerability was found in poppler 0.72.0 and classified as problematic. This issue affects the function PDFDoc::setup of the file PDFDoc.cc of the component PDF File Handler. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

EPON CPE-WiFi 2.0.4-X000 Privileges Cookie privilege escalation

A vulnerability has been found in EPON CPE-WiFi 2.0.4-X000 and classified as critical. This vulnerability affects a functionality of the component Privileges. The manipulation as part of a Cookie leads to a privilege escalation vulnerability....
Auteur: VulDB

Dolibarr 8.0.2 user/card.php employee sql injection

A vulnerability, which was classified as critical, was found in Dolibarr 8.0.2. This affects a function of the file user/card.php. The manipulation of the argument employee as part of a Parameter leads to a sql injection vulnerability. CWE is...
Auteur: VulDB

Dolibarr 8.0.2 user/card.php address/town cross site scripting

A vulnerability, which was classified as problematic, has been found in Dolibarr 8.0.2. Affected by this issue is some functionality of the file user/card.php. The manipulation of the argument address/town as part of a POST Parameter leads to a...
Auteur: VulDB

Dolibarr 8.0.2 product/card.php desiredstock sql injection

A vulnerability classified as critical was found in Dolibarr 8.0.2. Affected by this vulnerability is the functionality of the file product/card.php. The manipulation of the argument desiredstock as part of a Parameter leads to a sql injection...
Auteur: VulDB

Dolibarr 8.0.2 public/notice.php transphrase cross site scripting

A vulnerability classified as problematic has been found in Dolibarr 8.0.2. Affected is an unknown function of the file public/notice.php. The manipulation of the argument transphrase as part of a Parameter leads to a cross site scripting...
Auteur: VulDB

Dolibarr 8.0.2 adherents/type.php address/town cross site scripting

A vulnerability was found in Dolibarr 8.0.2. It has been rated as problematic. This issue affects some processing of the file adherents/type.php. The manipulation of the argument address/town as part of a Parameter leads to a cross site...
Auteur: VulDB

MiniShare up to 1.4.1 HTTP POST Request memory corruption

A vulnerability was found in MiniShare up to 1.4.1. It has been declared as critical. This vulnerability affects a code block. The manipulation as part of a HTTP POST Request leads to a memory corruption vulnerability. The CWE definition for the...
Auteur: VulDB

MiniShare up to 1.4.1 HTTP HEAD Request memory corruption

A vulnerability was found in MiniShare up to 1.4.1. It has been classified as critical. This affects code. The manipulation as part of a HTTP HEAD Request leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. This...
Auteur: VulDB

Adobe Acrobat Reader Bypass privilege escalation [CVE-2018-16018]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30461/2017.011.30110/2019.010.20064 (Document Reader Software). It has been classified as critical. This affects code. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Adobe Acrobat Reader Use-After-Free memory corruption [CVE-2018-16011]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30461/2017.011.30110/2019.010.20064 (Document Reader Software) and classified as critical. Affected by this issue is a part. The manipulation with an unknown input leads to a...
Auteur: VulDB
First1003100410051006100710081009101010111012Last

Événements SSI