Thursday, June 3, 2021

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (30 items)

New vulnerabilities from the NVD: CVE-2020-11276

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11275

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11272

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11271

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11270

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11269

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11253

Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11223

Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11203

Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11198

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11194

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11187

Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11177

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11170

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11163

Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11147

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM

February 22, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-3633

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: February 26, 2021 at 12:15AM

February 26, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18947

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
Published at: February 26, 2021 at 06:15AM

February 26, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18946

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
Published at: February 26, 2021 at 06:15AM

February 26, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18945

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
Published at: February 26, 2021 at 06:15AM

February 26, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18944

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
Published at: February 26, 2021 at 06:15AM

February 26, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18943

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
Published at: February 26, 2021 at 06:15AM

February 26, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18942

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
Published at: February 26, 2021 at 06:15AM

February 26, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-11684

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.
Published at: February 26, 2021 at 06:15PM

February 26, 2021 at 08:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25023

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.
Published at: February 27, 2021 at 07:15AM

February 27, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.
Published at: February 27, 2021 at 07:15AM

February 27, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25021

An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.
Published at: February 27, 2021 at 07:15AM

February 27, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25020

An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.
Published at: February 27, 2021 at 07:15AM

February 27, 2021 at 08:36AM

via National Vulnerability Database

