Design/Logic Flaw

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2019-10456

CVE-2019-10456 is a CSRF vulnerability in the Jenkins Oracle Cloud Infrastructure Compute Classic Plugin. The issue arises because a method implementing form validation lacks proper permission checks, allowing users with Overall/Read access to initiate a connection test to an attacker‑specified U...

CVE-2019-10457

CVE-2019-10457 : The Jenkins Oracle Cloud Infrastructure Compute Classic Plugin has a missing permission check that allows attackers with Overall/Read to trigger connections to an attacker-specified URL using attacker-specified credentials. Affected component: Jenkins plugin for Oracle Cloud Infr...

CVE-2019-10456

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

PT-2019-11850 · Jenkins · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Classic Plugin affected versions not specified Description: A cross-site request forgery issue exists, allowing attackers to connect to a specified URL using specified credentials. The plugin does n...

CVE-2019-12714

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software improperly manages system...

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software improperly manages system...

CVE-2019-12714

The CVE-2019-12714 issue affects Cisco IC3000 Industrial Compute Gateway, specifically the web-based management interface. The vulnerability arises from improper resource management, allowing an authenticated, remote attacker to open many simultaneous sessions and cause a DoS on the web interface...

CVE-2019-12714 Cisco IC3000 Industrial Compute Gateway Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software improperly manages system...

Cisco IC3000 Industrial Compute Gateway CVE-2019-12714 Denial of Service Vulnerability

Description Cisco IC3000 Industrial Compute Gateway is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCvq92705. Technologies Affected Cisco...

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...

CVE-2019-2341

Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

Null pointer dereference

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU,...

CVE-2019-10498

CVE-2019-10498 describes a buffer overflow in a Qualcomm closed‑source component triggered when a client sends more than 5 io_vec requests to the server. Affected products span Snapdragon Auto/Compute, Snapdragon IoT devices, and related Snapdragon/SDM families (e.g., SD 210–855, various Snapdrag...

CVE-2019-2333

Technical details about CVE-2019-2333 are not publicly provided in the supplied documents. Monitor for updates as more specifics (affected components, root cause, remediation) may be disclosed in future disclosures.

CVE-2019-2341

CVE-2019-2341 describes a buffer overflow in the audio subsystem when a user-provided audio buffer size exceeds the maximum allowed. Affected: Snapdragon SoCs and families listed in the entry (e.g., Snapdragon Auto/Compute/IoT, Snapdragon Mobile, Wearables, etc.). Root cause: unchecked size in au...

CVE-2019-10509

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU,...

CVE-2019-2294

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial...

CVE-2019-10501

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W,...

CVE-2019-10540

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...