Monday, January 27, 2020

Weekly Update: a new vulnerability is published on the National Vulnerability Database (29 items)


New vulnerabilities from the NVD: CVE-2019-10581

NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10579

Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10578

Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10561

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10558

While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10548

While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10532

Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130
Published at: January 21, 2020 at 09:15AM

January 21, 2020 at 01:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5190

Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
Published at: January 21, 2020 at 06:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-5282

mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled.
Published at: January 21, 2020 at 06:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4336 (tikiwiki_cms/groupware)

Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
Published at: January 15, 2020 at 04:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4322

websitebaker prior to and including 2.8.1 has an authentication error in backup module.
Published at: January 21, 2020 at 05:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4095

Jara 1.6 has an XSS vulnerability
Published at: January 21, 2020 at 05:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4094

Jara 1.6 has a SQL injection vulnerability.
Published at: January 21, 2020 at 05:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2669

Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
Published at: January 21, 2020 at 05:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2668

Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header
Published at: January 21, 2020 at 05:15PM

January 21, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-4891 (simple_machine_forum)

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
Published at: January 15, 2020 at 07:15PM

January 21, 2020 at 09:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4943

ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)
Published at: January 22, 2020 at 03:15PM

January 22, 2020 at 05:54PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3610

A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
Published at: January 22, 2020 at 06:15PM

January 22, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3595

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
Published at: January 22, 2020 at 06:15PM

January 22, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3582

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.
Published at: January 22, 2020 at 05:15PM

January 22, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3621

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
Published at: January 22, 2020 at 08:15PM

January 22, 2020 at 09:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3614

An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
Published at: January 22, 2020 at 08:15PM

January 22, 2020 at 09:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3613

An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
Published at: January 22, 2020 at 08:15PM

January 22, 2020 at 09:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3612

Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
Published at: January 22, 2020 at 08:15PM

January 22, 2020 at 09:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3611

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.
Published at: January 22, 2020 at 07:15PM

January 22, 2020 at 09:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3622

A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
Published at: January 22, 2020 at 10:15PM

January 22, 2020 at 11:54PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-3295

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: January 23, 2020 at 06:15PM

January 23, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2008-7314

mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
Published at: January 23, 2020 at 05:15PM

January 23, 2020 at 07:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2007-6758

Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.
Published at: January 23, 2020 at 06:15PM

January 23, 2020 at 07:56PM

via National Vulnerability Database

