NVD

CVE-2019-7747

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
Categories: NVD

CVE-2019-7748

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.

CVE-2018-17542

NVD Vulnerabilities - Mon, 02/11/2019 - 15:29
SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request.

CVE-2019-5736

NVD Vulnerabilities - Mon, 02/11/2019 - 14:29
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

CVE-2018-15586

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.

CVE-2018-15587

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

CVE-2018-15588

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

CVE-2019-7730

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

CVE-2019-7731

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.

CVE-2019-7732

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

CVE-2019-7733

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

CVE-2019-7736

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page.

CVE-2018-11847

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
A malicious TA can tag QSEE kernel memory and map it to EL0, thereby corrupting the physical memory; it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016.

CVE-2018-11855

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660.

CVE-2018-11888

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016.

CVE-2018-11899

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

CVE-2018-11962

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a use-after-free issue in heap while loading audio effects config in audio effects factory.

CVE-2018-12006

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.

CVE-2018-12010

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, absence of a length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

CVE-2018-12011

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, uninitialized data for socket address leads to information exposure.