Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ImageMagick up to 7.0.8-67 /MagickCore/enhance.c GammaImage gamma divide by zero

A vulnerability was found in ImageMagick up to 7.0.8-67 (Image Processing Software). It has been classified as problematic. This affects the function GammaImage of the file /MagickCore/enhance.c. Upgrading to version 7.0.8-68 eliminates this...
Author: VulDB

ImageMagick up to 7.0.8-67 /MagickCore/quantize.c IntensityCompare integer overflow

A vulnerability was found in ImageMagick up to 7.0.8-67 (Image Processing Software) and classified as problematic. Affected by this issue is the function IntensityCompare of the file /MagickCore/quantize.c. Upgrading to version 7.0.8-68...
Author: VulDB

CERTFR-2020-AVI-791: Multiple vulnerabilities in Google Chrome OS (04 December 2020)

Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

Infinispan REST API access control [CVE-2020-25711]

A vulnerability has been found in Infinispan (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown processing of the component REST API. There is no information about possible countermeasures known....
Author: VulDB

CImg up to 2.9.2 load_pnm heap-based buffer overflow

A vulnerability, which was classified as critical, was found in CImg up to 2.9.2. Affected is the function load_pnm. Upgrading to version 2.9.3 eliminates this vulnerability.
Author: VulDB

FasterXML Jackson Databind xml external entity reference [CVE-2020-25649]

A vulnerability, which was classified as critical, has been found in FasterXML Jackson Databind (Programming Language Software) (unknown version). This issue affects an unknown code. There is no information about possible countermeasures known....
Author: VulDB

Saibo Game Accelerator 3.7.9 access control [CVE-2020-23735]

A vulnerability classified as critical was found in Saibo Game Accelerator 3.7.9. This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Antiy Zhijia Terminal Defense System 5.0.2.101215 denial of service

A vulnerability classified as problematic has been found in Antiy Zhijia Terminal Defense System 5.0.2.101215. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Wise Care 365 5.5.4 denial of service [CVE-2020-23726]

A vulnerability was found in Wise Care 365 5.5.4. It has been rated as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

CVS Plugin up to 2.16 on Jenkins XML Parser xml external entity reference

A vulnerability was found in CVS Plugin up to 2.16 on Jenkins (Jenkins Plugin). It has been declared as critical. Affected by this vulnerability is an unknown function of the component XML Parser. There is no information about possible...
Author: VulDB

Chaos Monkey Plugin up to 0.4 on Jenkins authorization [CVE-2020-2323]

A vulnerability was found in Chaos Monkey Plugin up to 0.4 on Jenkins (Jenkins Plugin). It has been classified as critical. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Chaos Monkey Plugin up to 0.3 on Jenkins Overall/Read memory leak

A vulnerability was found in Chaos Monkey Plugin up to 0.3 on Jenkins (Jenkins Plugin) and classified as problematic. This issue affects an unknown code block of the file Overall/Read. There is no information about possible countermeasures known....
Author: VulDB

Shelve Project Plugin up to 3.0 on Jenkins cross-site request forgery

A vulnerability has been found in Shelve Project Plugin up to 3.0 on Jenkins (Project Management Software) and classified as problematic. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It...
Author: VulDB

Plugin Installation Manager Tool up to 2.1.3 on Jenkins Plugin Download code download

A vulnerability, which was classified as problematic, was found in Plugin Installation Manager Tool up to 2.1.3 on Jenkins (Jenkins Plugin). This affects an unknown part of the component Plugin Download Handler. There is no information about...
Author: VulDB

Linux Kernel futex use after free [CVE-2020-14381]

A vulnerability, which was classified as problematic, has been found in Linux Kernel (Operating System) (affected version not known). Affected by this issue is some unknown functionality of the component futex. Applying a patch is able to...
Author: VulDB

Linux Kernel perf Subsystem use after free [CVE-2020-14351]

A vulnerability classified as critical was found in Linux Kernel (Operating System) (affected version unknown). Affected by this vulnerability is an unknown functionality of the component perf Subsystem. There is no information about possible...
Author: VulDB

libvirt File Descriptor /dev/mapper/control missing release of resource

A vulnerability classified as critical has been found in libvirt (Virtualization Software) (version unknown). Affected is an unknown function of the file /dev/mapper/control of the component File Descriptor Handler. There is no information about...
Author: VulDB

Samba privileges assignment [CVE-2020-14318]

A vulnerability was found in Samba (File Transfer Software) (unknown version). It has been rated as problematic. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

WebKit WebKitGTK up to 2.30.1 on 64-bit Web Page use after free

A vulnerability was found in WebKit WebKitGTK up to 2.30.1 on 64-bit (Web Browser). It has been declared as critical. This vulnerability affects an unknown code block of the component Web Page Handler. There is no information about possible...
Author: VulDB

WebKit WebKitGTK up to 2.30.0 Websocket use after free

A vulnerability was found in WebKit WebKitGTK up to 2.30.0 (Web Browser). It has been classified as critical. This affects an unknown code of the component Websocket Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

LogicalDoc 8.5.1 permission [CVE-2020-13542]

A vulnerability was found in LogicalDoc 8.5.1 and classified as critical. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Pixar OpenUSD 20.08 USD File Ha USD File Handler use after free

A vulnerability has been found in Pixar OpenUSD 20.08 and classified as critical. Affected by this vulnerability is some unknown functionality of the file USD File Handler of the component USD File Ha. There is no information about possible...
Author: VulDB

ProcessMaker 3.4.11 reportTables_Ajax sort sql injection

A vulnerability, which was classified as critical, was found in ProcessMaker 3.4.11. Affected is an unknown functionality of the file /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax. There is no information about possible...
Author: VulDB

Pixar OpenUSD 20.05 USD File out-of-bounds read

A vulnerability, which was classified as problematic, has been found in Pixar OpenUSD 20.05. This issue affects an unknown function of the component USD File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

EC-CUBE up to 3.0.18 denial of service [CVE-2020-5680]

A vulnerability classified as problematic was found in EC-CUBE up to 3.0.18 (E-Commerce Management Software). This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Information security events