Security News

CVE-2018-11899

National Vulnerability Database - Mon, 02/11/2019 - 10:29
While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.
Categories: Security News

CVE-2018-11962

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
Categories: Security News

CVE-2018-12006

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.
Categories: Security News

CVE-2018-12010

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.
Categories: Security News

CVE-2018-12011

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.
Categories: Security News

CVE-2018-12014

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.
Categories: Security News

CVE-2018-12547

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.
Categories: Security News

CVE-2018-12549

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Categories: Security News

CVE-2018-13888

National Vulnerability Database - Mon, 02/11/2019 - 10:29
There is potential for memory corruption in the RIL daemon due to de reference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, ZZ_QCS605.
Categories: Security News

CVE-2018-13889

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed
Categories: Security News

CVE-2018-13893

National Vulnerability Database - Mon, 02/11/2019 - 10:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.
Categories: Security News

CVE-2019-7722

National Vulnerability Database - Mon, 02/11/2019 - 09:29
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)
Categories: Security News

CVE-2019-6975

National Vulnerability Database - Mon, 02/11/2019 - 08:29
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
Categories: Security News

CVE-2018-20587

National Vulnerability Database - Mon, 02/11/2019 - 07:29
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
Categories: Security News

Vuln: Multiple Siemens SIPROTEC Products ICSA-16-140-02 Information Disclosure Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 02/11/2019 - 00:00
Multiple Siemens SIPROTEC Products ICSA-16-140-02 Information Disclosure Vulnerabilities
Categories: Security News

Vuln: Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 02/11/2019 - 00:00
Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
Categories: Security News

Vuln: Django CVE-2019-6975 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/11/2019 - 00:00
Django CVE-2019-6975 Denial of Service Vulnerability
Categories: Security News

Vuln: IBM API Connect CVE-2019-4008 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/11/2019 - 00:00
IBM API Connect CVE-2019-4008 Information Disclosure Vulnerability
Categories: Security News

CVE-2019-7718 (metinfo)

National Vulnerability Database - Sun, 02/10/2019 - 23:29
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
Categories: Security News

CVE-2019-7719 (nibbleblog)

National Vulnerability Database - Sun, 02/10/2019 - 23:29
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
Categories: Security News

Pages