Security News

CVE-2019-3731

National Vulnerability Database - Mon, 09/30/2019 - 18:15
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
Categories: Security News

CVE-2019-3732

National Vulnerability Database - Mon, 09/30/2019 - 18:15
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
Categories: Security News

CVE-2019-3733

National Vulnerability Database - Mon, 09/30/2019 - 18:15
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
Categories: Security News

CVE-2019-13123

National Vulnerability Database - Mon, 09/30/2019 - 16:15
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).
Categories: Security News

CVE-2019-13124

National Vulnerability Database - Mon, 09/30/2019 - 16:15
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).
Categories: Security News

CVE-2019-17051

National Vulnerability Database - Mon, 09/30/2019 - 16:15
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.
Categories: Security News

CVE-2019-13467

National Vulnerability Database - Mon, 09/30/2019 - 15:15
Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.
Categories: Security News

CVE-2019-16276

National Vulnerability Database - Mon, 09/30/2019 - 15:15
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
Categories: Security News

CVE-2019-17049

National Vulnerability Database - Mon, 09/30/2019 - 15:15
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
Categories: Security News

CVE-2019-17050

National Vulnerability Database - Mon, 09/30/2019 - 15:15
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.
Categories: Security News

CVE-2019-13466

National Vulnerability Database - Mon, 09/30/2019 - 14:15
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The ?generate reports? archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.
Categories: Security News

CVE-2019-15810

National Vulnerability Database - Mon, 09/30/2019 - 13:15
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter.
Categories: Security News

Building the Azure IoT Edge Security Daemon in Rust

Security Research & Defense - Mon, 09/30/2019 - 12:45

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as the implementation programming …

Building the Azure IoT Edge Security Daemon in Rust Read More »

The post Building the Azure IoT Edge Security Daemon in Rust appeared first on Microsoft Security Response Center.

Categories: Security News

CVE-2019-10539

National Vulnerability Database - Mon, 09/30/2019 - 12:15
Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130
Categories: Security News

CVE-2019-10540

National Vulnerability Database - Mon, 09/30/2019 - 12:15
Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130
Categories: Security News

CVE-2019-16683

National Vulnerability Database - Mon, 09/30/2019 - 12:15
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
Categories: Security News

CVE-2019-16684

National Vulnerability Database - Mon, 09/30/2019 - 12:15
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Categories: Security News

CVE-2019-16932

National Vulnerability Database - Mon, 09/30/2019 - 12:15
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
Categories: Security News

CVE-2019-2252

National Vulnerability Database - Mon, 09/30/2019 - 12:15
Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
Categories: Security News

CVE-2019-2284

National Vulnerability Database - Mon, 09/30/2019 - 12:15
Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24
Categories: Security News

Pages