понеделник, 4 май 2020 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (106 items)

New vulnerabilities from the NVD: CVE-2018-21058 (android)

An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21057 (android)

An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21056 (android)

An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21055 (android)

An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21054 (android)

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21053 (android)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21052 (android)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21051 (android)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21050 (android)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21049 (android)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21048 (android)

An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).
Published at: April 08, 2020 at 09:15PM
View on website

April 13, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11668 (linux_kernel)

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
Published at: April 10, 2020 at 12:15AM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11647 (wireshark)

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
Published at: April 11, 2020 at 12:15AM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11557 (snmpc_online)

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.
Published at: April 09, 2020 at 04:15PM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11556 (snmpc_online)

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.
Published at: April 09, 2020 at 04:15PM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11555 (snmpc_online)

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.
Published at: April 09, 2020 at 04:15PM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11554 (snmpc_online)

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.
Published at: April 09, 2020 at 04:15PM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-11480

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16
Published at: April 14, 2020 at 05:15AM
View on website

April 14, 2020 at 08:59AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10383

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.
Published at: April 14, 2020 at 08:15PM
View on website

April 14, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10382

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.
Published at: April 14, 2020 at 08:15PM
View on website

April 14, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10381

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.
Published at: April 14, 2020 at 08:15PM
View on website

April 14, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-16879

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities.
Published at: April 14, 2020 at 08:15PM
View on website

April 14, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10384 (mbconnect24, mymbconnect24)

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is a local privilege escalation from the www-data account to the root account.
Published at: April 14, 2020 at 09:15PM
View on website

April 15, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18822

A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse.
Published at: April 14, 2020 at 09:15PM
View on website

April 15, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14326

An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet and ssh (ports 22 and 23) with root privileges in the emulated Android system. This can be exploited by remote attackers to gain full access to the device, or by malicious apps installed inside the emulator to perform privilege escalation from a normal user to root (unlike with standard methods of getting root privileges on Android - e.g., the SuperSu program - the user is not asked for consent). There is no authentication performed - access to a root shell is given upon a successful connection. NOTE: although this was originally published with a slightly different CVE ID number, the correct ID for this Andy vulnerability has always been CVE-2019-14326.
Published at: April 14, 2020 at 10:15PM
View on website

April 15, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-6402

Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack.
Published at: April 14, 2020 at 10:15PM
View on website

April 15, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19301

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
Published at: April 14, 2020 at 11:15PM
View on website

April 15, 2020 at 02:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19300

A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1500 CPU family (incl. relate d ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
Published at: April 14, 2020 at 11:15PM
View on website

April 15, 2020 at 02:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10939

A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.
Published at: April 14, 2020 at 11:15PM
View on website

April 15, 2020 at 02:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10514

iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary command.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10513

The file management interface of iCatch DVR contains broken access control which allows the attacker to remotely manipulate arbitrary file.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10512

HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10511

HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10507

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of misconfigured file upload filter. Attackers can upload any format of file to the system.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10506

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10505

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, allowing attackers to inject SQL commands into the URL.
Published at: April 15, 2020 at 10:15AM
View on website

April 15, 2020 at 02:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0906

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0900

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0899

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0895

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0889

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0888

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0835

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0821

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0794

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0784

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0888.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0699

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0687

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.
Published at: April 15, 2020 at 06:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-2880

Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published at: April 15, 2020 at 05:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20767

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.
Published at: April 15, 2020 at 05:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19500

Matrix42 Workspace Management 9.1.2.2765 allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.
Published at: April 15, 2020 at 05:15PM
View on website

April 15, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0600

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0598

Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0578

Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0577

Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0576

Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0568

Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0558

Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0557

Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0547

Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4654

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965.
Published at: April 15, 2020 at 07:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4594

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.
Published at: April 15, 2020 at 07:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4593

IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.
Published at: April 15, 2020 at 07:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19390

The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.
Published at: April 15, 2020 at 08:15PM
View on website

April 15, 2020 at 10:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20648

NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20647

NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20646

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20645

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20644

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20643

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20642

NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20641

NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20640

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20639

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20638

NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.
Published at: April 15, 2020 at 09:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12524

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
Published at: April 15, 2020 at 10:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12522

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
Published at: April 15, 2020 at 10:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
Published at: April 15, 2020 at 10:15PM
View on website

April 16, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.
Published at: April 15, 2020 at 11:15PM
View on website

April 16, 2020 at 02:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12519

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
Published at: April 15, 2020 at 11:15PM
View on website

April 16, 2020 at 02:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14009

Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14007

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14001

Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10625

Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10624

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10623

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, Rennell, SC8180X, SDA845, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10622

Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10621

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10620

Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, MSM8996AU, QCN7605, SDM439, SDX24, SM8150
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10610

Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10609

Out of bound write can happen due to lack of check of array index value while calculating it. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10608

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10589

Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10588

Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10575

Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10574

Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10556

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10551

String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10547

When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10523

Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10483

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130
Published at: April 16, 2020 at 02:15PM
View on website

April 16, 2020 at 04:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-11999

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.
Published at: April 16, 2020 at 10:15PM
View on website

April 17, 2020 at 12:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-11285

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: April 17, 2020 at 01:15AM
View on website

April 17, 2020 at 04:25AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12002

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
Published at: April 17, 2020 at 05:15PM
View on website

April 17, 2020 at 08:25PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12001

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
Published at: April 17, 2020 at 05:15PM
View on website

April 17, 2020 at 08:25PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар