Monthly Archive: February 2019

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in...

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in...

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory. Date published :...

While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206,...

Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...

Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in...

_includesonline.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. Date published : 2019-02-11 https://github.com/eddietcc/CVEnotes/blob/master/DBNinja/Reflect_XSS/readme.md

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. Date published : 2019-02-11 https://github.com/eddietcc/CVEnotes/blob/master/DBNinja/Broken_Authentication/readme.md

C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. Date published : 2019-02-11 https://github.com/cooltey/C.P.Sub/commit/b2be52fd89b6fd4d69d63d504bc11742cd679ebe https://github.com/cooltey/C.P.Sub/issues/3

A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. Date published : 2019-02-11 https://github.com/Verytops/verydows/issues/10

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. Date published : 2019-02-11 https://www.youtube.com/watch?v=uaT8vX06Jjs

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. Date published : 2019-02-11 https://security.gentoo.org/glsa/202005-06 https://github.com/rgaufman/live555/issues/21

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance...