NVD

CVE-2018-12014

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a NULL pointer dereference may occur in the NAT module because a freed pointer is not assigned NULL.
Categories: NVD

CVE-2018-12547

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. As a result, existing APIs that called these functions could exceed the allocated buffer. These functions were not directly callable by non-native user code.
Categories: NVD

CVE-2018-12549

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Categories: NVD

CVE-2018-13888

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
There is potential for memory corruption in the RIL daemon due to a dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, ZZ_QCS605.
Categories: NVD

CVE-2018-13889

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, heap memory was accessed after it was freed.
Categories: NVD

CVE-2018-13893

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, an out-of-bounds mask range access can be caused by using a possibly old value of the msg mask table count while copying masks to userspace.
Categories: NVD

CVE-2019-7722

NVD Vulnerabilities - Mon, 02/11/2019 - 09:29
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with a ruleset (either by direct modification or by MITM attacks when remote rulesets are used) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)
Categories: NVD

CVE-2019-6975

NVD Vulnerabilities - Mon, 02/11/2019 - 08:29
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
Categories: NVD

CVE-2018-20587

NVD Vulnerabilities - Mon, 02/11/2019 - 07:29
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
Categories: NVD

CVE-2019-7718

NVD Vulnerabilities - Sun, 02/10/2019 - 23:29
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
Categories: NVD

CVE-2019-7719

NVD Vulnerabilities - Sun, 02/10/2019 - 23:29
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
Categories: NVD

CVE-2019-7720

NVD Vulnerabilities - Sun, 02/10/2019 - 23:29
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
Categories: NVD

CVE-2019-7721

NVD Vulnerabilities - Sun, 02/10/2019 - 23:29
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.
Categories: NVD

CVE-2018-20774

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
Categories: NVD

CVE-2018-20775

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
Categories: NVD

CVE-2018-20776

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Frog CMS 0.9.5 provides a directory listing for a /public request.
Categories: NVD

CVE-2018-20777

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
Categories: NVD

CVE-2018-20778

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
Categories: NVD

CVE-2018-20779

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
Categories: NVD

CVE-2018-20780

NVD Vulnerabilities - Sun, 02/10/2019 - 21:29
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
Categories: NVD