CVE-2019-0622
published 2019-01-08CVE-2019-0622: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android…
PriorityP422medium4.6CVSS 3.0
AVPACLPRNUINSUCHINAN
EPSS
1.97%
77.9th percentile
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | skype | — | — |
| microsoft | skype | — | — |
| msrc | skype_8.35_when_installed_on_android_devices | — | — |
CVSS provenance
nvdv3.04.6MEDIUMCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Skype for Android Elevation of Privilege Vulnerability
vendor_msrc·2019-01-08·CVSS 4.6
CVE-2019-0622 [MEDIUM] Skype for Android Elevation of Privilege Vulnerability
Skype for Android Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests.
An attacker who successfully exploited this vulnerability could bypass Android's lockscreen and access a victim's personal information.
To exploit the vulnerability, an attacker would need have physical access to the phone.
The security update addresses the vulnerability by correcting how Skype for Android handles authentication requests.
FAQ: How do I get the update for Skype for Android?
Tap the Google Play icon on your home screen.
Swipe in from the left edge of the screen.
Tap My apps & games.
Tap the Update box next to the Skype app.
FAQ: Does the vulnerability exist in Skype for Busine
GHSA
GHSA-65j8-j9v8-cm3q: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Androi
ghsa_unreviewed·2022-05-13
CVE-2019-0622 [MEDIUM] CWE-287 GHSA-65j8-j9v8-cm3q: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Androi
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-9791 Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
bugzilla·2019-03-20·CVSS 9.8
CVE-2019-9791 [CRITICAL] CVE-2019-9791 Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
CVE-2019-9791 Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Samuel Groß (Google Project Zero)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0622 https:/
Bugzilla
CVE-2019-9790 Mozilla: Use-after-free when removing in-use DOM elements
bugzilla·2019-03-20·CVSS 9.8
CVE-2019-9790 [CRITICAL] CVE-2019-9790 Mozilla: Use-after-free when removing in-use DOM elements
CVE-2019-9790 Mozilla: Use-after-free when removing in-use DOM elements
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Brandon Wieser
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623
---
Sta
Bugzilla
CVE-2019-9788 Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
bugzilla·2019-03-20·CVSS 9.8
CVE-2019-9788 [CRITICAL] CVE-2019-9788 Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
CVE-2019-9788 Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
Mozilla developers and community members reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9788
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, Anne van Kesteren
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-20
Bugzilla
CVE-2019-9792 Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
bugzilla·2019-03-20·CVSS 9.8
CVE-2019-9792 [CRITICAL] CVE-2019-9792 Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
CVE-2019-9792 Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
The IonMonkey just-in-time (JIT) compiler can leak an internal `JS_OPTIMIZED_OUT` magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Samuel Groß (Google Project Zero)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RH
Bugzilla
CVE-2019-9796 Mozilla: Use-after-free with SMIL animation controller
bugzilla·2019-03-20·CVSS 9.8
CVE-2019-9796 [CRITICAL] CVE-2019-9796 Mozilla: Use-after-free with SMIL animation controller
CVE-2019-9796 Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Nils
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622
---
This issue has been addressed in the foll
Bugzilla
CVE-2019-9795 Mozilla: Type-confusion in IonMonkey JIT compiler
bugzilla·2019-03-20·CVSS 9.8
CVE-2019-9795 [CRITICAL] CVE-2019-9795 Mozilla: Type-confusion in IonMonkey JIT compiler
CVE-2019-9795 Mozilla: Type-confusion in IonMonkey JIT compiler
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Nils
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623
---
Statement:
In general, this flaw be exploited through email i
2019-01-08
Published