New vulnerabilities from the NVD: CVE-2019-17026 | | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. Published at: March 02, 2020 at 07:15AM View on website March 02, 2020 at 08:46AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-17058 | | An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication. Published at: March 02, 2020 at 04:15PM View on website March 02, 2020 at 05:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-12183 | | Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API. Published at: March 02, 2020 at 06:15PM View on website March 02, 2020 at 07:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2017-12580 | | An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). 
When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. Published at: March 02, 2020 at 06:15PM View on website March 02, 2020 at 07:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2015-1583 | | Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. Published at: March 02, 2020 at 06:15PM View on website March 02, 2020 at 07:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-14892 | | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. Published at: March 02, 2020 at 07:15PM View on website March 02, 2020 at 09:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-14384 | | The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. Published at: March 02, 2020 at 07:15PM View on website March 02, 2020 at 09:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-11675 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. 
Published at: March 02, 2020 at 07:15PM View on website March 02, 2020 at 09:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-19658 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: March 02, 2020 at 10:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-19599 | | Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product. Published at: March 02, 2020 at 10:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-19284 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: March 02, 2020 at 10:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-18479 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: March 02, 2020 at 10:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-17572 | | | New vulnerabilities from the NVD: CVE-2018-16357 | | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. Published at: March 02, 2020 at 10:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-16356 | | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. 
Published at: March 02, 2020 at 10:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-15820 | | EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter. Published at: March 02, 2020 at 09:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-15819 | | EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js. Published at: March 02, 2020 at 09:15PM View on website March 02, 2020 at 11:46PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-5951 | | An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack. Published at: March 03, 2020 at 12:15AM View on website March 03, 2020 at 01:46AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-20347 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: March 03, 2020 at 12:15AM View on website March 03, 2020 at 01:46AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-20343 | | Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded. 
Published at: March 02, 2020 at 11:15PM View on website March 03, 2020 at 01:46AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-19798 | | Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this. Published at: March 02, 2020 at 11:15PM View on website March 03, 2020 at 01:46AM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10587 | | Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10586 | | Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, 
MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10577 | | Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10569 | | Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities 
from the NVD: CVE-2019-10554 | | Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/ PRAU accept/while logging DL message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10553 | | Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New 
vulnerabilities from the NVD: CVE-2019-10552 | | Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10550 | | Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10549 | | Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10546 | | Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCS404, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2019-10526 | | Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SC8180X, SDA845, SDM450, SDX20, SDX24, SDX55, SXR1130 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2018-11838 | | Possible 
double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20 Published at: March 05, 2020 at 11:15AM View on website March 05, 2020 at 02:19PM via National Vulnerability Database | New vulnerabilities from the NVD: CVE-2017-14208 | | | New vulnerabilities from the NVD: CVE-2017-14207 | | | New vulnerabilities from the NVD: CVE-2017-14206 | | | New vulnerabilities from the NVD: CVE-2017-14205 | | | New vulnerabilities from the NVD: CVE-2017-14204 | | | New vulnerabilities from the NVD: CVE-2017-14203 | | |