New vulnerabilities from the NVD: CVE-2002-0390 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published at: July 21, 2019 at 06:15PM View on website July 21, 2019 at 07:34PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-2024 | | IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350. Published at: July 22, 2019 at 05:15PM View on website July 22, 2019 at 07:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-13927 | | Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130 Published at: July 22, 2019 at 05:15PM View on website July 22, 2019 at 07:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-13924 | | Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 Published at: July 22, 2019 at 05:15PM View on website July 22, 2019 at 07:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-13896 | | XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 Published at: July 22, 2019 at 05:15PM View on website July 22, 2019 at 07:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18669 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter. Published at: July 23, 2019 at 06:15PM View on website July 23, 2019 at 07:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18676 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter. Published at: July 23, 2019 at 08:15PM View on website July 23, 2019 at 09:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18675 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter. Published at: July 23, 2019 at 08:15PM View on website July 23, 2019 at 09:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18673 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter. Published at: July 23, 2019 at 07:15PM View on website July 23, 2019 at 09:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18672 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter. Published at: July 23, 2019 at 08:15PM View on website July 23, 2019 at 09:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18671 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter. Published at: July 23, 2019 at 07:15PM View on website July 23, 2019 at 09:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18670 | | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter. Published at: July 23, 2019 at 08:15PM View on website July 23, 2019 at 09:52PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-13897 | | Clients hostname gets added to DNS record on device which is running dnsmasq resulting in an information exposure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660 Published at: July 25, 2019 at 08:15PM View on website July 25, 2019 at 10:49PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-0202 | | The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. Published at: July 26, 2019 at 03:15AM View on website July 26, 2019 at 08:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-11779 | | In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. Published at: July 26, 2019 at 03:15AM View on website July 26, 2019 at 08:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-20856 | | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. Published at: July 26, 2019 at 08:15AM View on website July 26, 2019 at 02:49PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-20855 | | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. Published at: July 26, 2019 at 08:15AM View on website July 26, 2019 at 02:49PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-20854 | | An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. Published at: July 26, 2019 at 08:15AM View on website July 26, 2019 at 02:49PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-20857 | | Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. Published at: July 26, 2019 at 03:15PM View on website July 26, 2019 at 06:49PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-17210 (central_print_services) | | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests. Published at: July 20, 2019 at 03:15AM View on website July 26, 2019 at 08:49PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2017-18379 | | In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2016-10764 | | In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2015-9289 | | In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2012-6712 | | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2011-5327 | | In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2010-5332 | | In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2010-5331 | | In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2007-6762 | | In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. Published at: July 28, 2019 at 01:15AM View on website July 28, 2019 at 04:49AM via National Vulnerability Database |
| | |
Няма коментари:
Публикуване на коментар