Thursday 28 May 2020

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

FasterXML jackson-databind up to 2.9.6 XML Data XML External Entity

A vulnerability was found in FasterXML jackson-databind up to 2.9.6. It has been classified as critical. Affected is code of the component XML Data Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

FasterXML jackson-databind up to 2.9.6 Deserialization blaze-ds-opt/blaze-ds-core Remote Code Execution

A vulnerability was found in FasterXML jackson-databind up to 2.9.6 and classified as critical. This issue affects the function blaze-ds-opt/blaze-ds-core of the component Deserialization. The manipulation with an unknown input leads to a...
Author: VulDB

FasterXML jackson-databind up to 2.9.6 Deserialization slf4j-ext Remote Code Execution

A vulnerability has been found in FasterXML jackson-databind up to 2.9.6 and classified as critical. This vulnerability affects the function slf4j-ext of the component Deserialization. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Yeswiki Cercopitheque up to 2018-06-19-1 id sql injection

A vulnerability, which was classified as critical, was found in Yeswiki Cercopitheque up to 2018-06-19-1. This affects a function. The manipulation of the argument id as part of a Parameter leads to a sql injection vulnerability. CWE is...
Author: VulDB

Simply-Blog up to 2019-01-01 deleteCategories.php delete sql injection

A vulnerability, which was classified as critical, has been found in Simply-Blog up to 2019-01-01. Affected by this issue is some functionality of the file admin/deleteCategories.php. The manipulation of the argument delete as part of a...
Author: VulDB

tinyexr 0.9.5 tinyexr.h tinyexr::AllocateImage denial of service

A vulnerability classified as problematic was found in tinyexr 0.9.5. Affected by this vulnerability is the function tinyexr::AllocateImage of the file tinyexr.h. The manipulation with an unknown input leads to a denial of service vulnerability....
Author: VulDB

poppler 0.72.0 FileSpec.cc Object::dictLookup denial of service

A vulnerability was found in poppler 0.72.0. It has been rated as problematic. This issue affects the function Object::dictLookup of the file FileSpec.cc. The manipulation with an unknown input leads to a denial of service vulnerability...
Author: VulDB

GNU binutils 2.31.1 libbfd elflink.c File Descriptor denial of service

A vulnerability classified as problematic has been found in GNU binutils 2.31.1. Affected is an unknown function of the file elflink.c of the component libbfd. The manipulation as part of a File Descriptor leads to a denial of service...
Author: VulDB

ok-file-formats up to 2018-10-16 ok_csv.c ok_csv_decode2 memory corruption

A vulnerability, which was classified as critical, was found in ok-file-formats up to 2018-10-16. This affects the function ok_csv_decode2 of the file ok_csv.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

ok-file-formats up to 2018-10-16 ok_wav.c ok_wav_decode_ms_adpcm_data memory corruption

A vulnerability, which was classified as critical, has been found in ok-file-formats up to 2018-10-16. Affected by this issue is the function ok_wav_decode_ms_adpcm_data of the file ok_wav.c. The manipulation with an unknown input leads to a...
Author: VulDB

Apache NetBeans 9.0 Proxy Auto-Config Remote Code Execution

A vulnerability classified as critical was found in Apache NetBeans 9.0. Affected by this vulnerability is the functionality of the component Proxy Auto-Config. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

McAfee Application Control and Change Control up to 7.0.1 Whitelist Bypass privilege escalation

A vulnerability was found in McAfee Application Control and Change Control up to 7.0.1. It has been declared as critical. This vulnerability affects a code block of the component Whitelist. The manipulation with an unknown input leads to a...
Author: VulDB

Proxygen prior 2018.12.31.00 HTTP2 Parser Header/Trailer denial of service

A vulnerability was found in Proxygen. It has been classified as problematic. This affects code of the component HTTP2 Parser. The manipulation as part of a Header/Trailer leads to a denial of service vulnerability. CWE is classifying the issue...
Author: VulDB

Proxygen prior 2018.12.31.00 HTTP2 Priority Setting denial of service

A vulnerability was found in Proxygen and classified as problematic. Affected by this issue is a part of the component HTTP2 Priority Setting Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE...
Author: VulDB

WhatsApp Messenger up to 2.18 on Android/iOS/Windows Phone RTP Packet Heap-based denial of service

A vulnerability has been found in WhatsApp Messenger up to 2.18 on Android/iOS/Windows Phone and classified as problematic. Affected by this vulnerability is a functionality of the component RTP Packet Handler. The manipulation with an unknown...
Author: VulDB

Proxygen up to 2018.11.19.00 Certificate Validation denial of service

A vulnerability, which was classified as problematic, was found in Proxygen up to 2018.11.19.00. Affected is a function of the component Certificate Validation Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

React up to 16.0.0/16.1.1/16.2.0/16.3.2/16.4.1 ReactDOMServer API Application cross site scripting

A vulnerability classified as problematic was found in React up to 16.0.0/16.1.1/16.2.0/16.3.2/16.4.1. This vulnerability affects the functionality of the component ReactDOMServer API. The manipulation as part of an Application leads to a cross...
Author: VulDB

HHVM up to 3.27.4/3.30 getextendedstats Hostname/Port memory corruption

A vulnerability classified as critical has been found in HHVM up to 3.27.4/3.30. This affects the function Memcache::getextendedstats. The manipulation as part of a Hostname/Port leads to a memory corruption vulnerability (Out-of-Bounds). CWE is...
Author: VulDB

HHVM 3.26.0/3.26.1/3.26.2 folly::secureRandom unknown vulnerability

A vulnerability was found in HHVM 3.26.0/3.26.1/3.26.2. It has been rated as problematic. The impact remains unknown. CVE summarizes: folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will...
Author: VulDB

osquery up to 3.2.6 Code Signing privilege escalation

A vulnerability was found in osquery up to 3.2.6. It has been declared as critical. Affected by this vulnerability is a code block of the component Code Signing Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

HHVM up to 3.21.9/3.24.5/3.25.1 Proxygen std::out_of_range Request denial of service

A vulnerability was found in HHVM up to 3.21.9/3.24.5/3.25.1. It has been classified as problematic. Affected is the function std::out_of_range of the component Proxygen. The manipulation as part of a Request leads to a denial of service...
Author: VulDB

HHVM up to 3.21.9/3.24.5/3.25.1 Multipart File Upload Variable unknown vulnerability

A vulnerability was found in HHVM up to 3.21.9/3.24.5/3.25.1 and classified as critical. This issue affects a part of the component Multipart File Upload. The manipulation as part of a Variable leads to an unknown weakness. The impact remains...
Author: VulDB

Nuclide prior v0.290.0 Deep Link hostname Code Execution cross site scripting

A vulnerability has been found in Nuclide and classified as problematic. This vulnerability affects a functionality of the component Deep Link Handler. The manipulation of the argument hostname as part of a Parameter leads to a cross site...
Author: VulDB

Buck prior v2018.06.25.01 Java Serialized Object Code Execution

A vulnerability, which was classified as critical, was found in Buck. This affects a function of the component Java Serialized Object Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution)....
Author: VulDB

GNU binutils 2.31.1 elfcomm.c process_archive ELF File memory corruption

A vulnerability, which was classified as critical, has been found in GNU binutils 2.31.1. Affected by this issue is the function process_archive of the file elfcomm.c. The manipulation as part of an ELF File leads to a memory corruption...
Author: VulDB