New vulnerabilities from the NVD: CVE-2018-13990
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
Published at: May 06, 2019 at 10:29PM | May 07, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Published at: May 06, 2019 at 10:29PM | May 07, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18279
Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18278
An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18276
Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18275
A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18274
While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18173
In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18157
A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18156
While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-18131
In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-15841
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.
Published at: May 07, 2019 at 02:29AM | May 07, 2019 at 05:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2018-14485

New vulnerabilities from the NVD: CVE-2018-14478 (coppermine_photo_gallery)
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
Published at: May 07, 2019 at 09:29PM | May 08, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2018-13994
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
Published at: May 07, 2019 at 09:29PM | May 08, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2018-13993
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
Published at: May 07, 2019 at 09:29PM | May 08, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2018-13992
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
Published at: May 07, 2019 at 09:29PM | May 08, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2018-13991
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
Published at: May 07, 2019 at 09:29PM | May 08, 2019 at 01:27AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12788
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
Published at: May 09, 2019 at 06:29PM | May 09, 2019 at 08:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12839
A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
Published at: May 09, 2019 at 08:29PM | May 09, 2019 at 10:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12806
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
Published at: May 09, 2019 at 07:29PM | May 09, 2019 at 10:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12805
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
Published at: May 09, 2019 at 07:29PM | May 09, 2019 at 10:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12804 (imageworsener)
The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (memory exhaustion) via a crafted file.
Published at: May 09, 2019 at 07:29PM | May 09, 2019 at 10:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
Published at: May 09, 2019 at 08:29PM | May 09, 2019 at 10:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12778
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows an attacker to gain unauthorized access to qBittorrent functions by tampering with the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza.
Published at: May 09, 2019 at 08:29PM | May 09, 2019 at 10:19PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12761

New vulnerabilities from the NVD: CVE-2017-12760

New vulnerabilities from the NVD: CVE-2017-12759

New vulnerabilities from the NVD: CVE-2017-12758 (component_appointment)

New vulnerabilities from the NVD: CVE-2017-12757
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
Published at: May 09, 2019 at 09:29PM | May 10, 2019 at 12:19AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2016-1600
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 is susceptible to an information disclosure vulnerability.
Published at: May 10, 2019 at 12:29AM | May 10, 2019 at 02:19AM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12885
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Published at: May 10, 2019 at 06:29PM | May 10, 2019 at 08:18PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12795
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
Published at: May 10, 2019 at 06:29PM | May 10, 2019 at 08:18PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.
Published at: May 10, 2019 at 06:29PM | May 10, 2019 at 08:18PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2015-1006
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.
Published at: May 10, 2019 at 05:29PM | May 10, 2019 at 08:18PM via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2017-12884
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
Published at: May 10, 2019 at 07:29PM | May 10, 2019 at 10:19PM via National Vulnerability Database