| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-0047 | Hig | 0.57 | 8.8 | 0.02 | Oct 9, 2019 | A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions… | ||
| CVE-2019-17389 | Hig | 0.00 | 7.5 | 0.01 | Oct 9, 2019 | In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted. | ||
| CVE-2019-6469 | Hig | 0.49 | 7.5 | 0.02 | Oct 9, 2019 | An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition. | ||
| CVE-2019-6468 | Hig | 0.49 | 7.5 | 0.03 | Oct 9, 2019 | In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure.… | ||
| CVE-2019-6467 | Hig | 0.49 | 7.5 | 0.05 | Oct 9, 2019 | A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to… | ||
| CVE-2019-4558 | Hig | 0.51 | 7.8 | 0.01 | Oct 9, 2019 | A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | ||
| CVE-2019-17375 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2019 | cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). | ||
| CVE-2019-17128 | Hig | 0.49 | 7.5 | 0.02 | Oct 9, 2019 | Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the… | ||
| CVE-2019-15226 | Hig | 0.05 | 7.5 | 0.65 | Oct 9, 2019 | Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for… | ||
| CVE-2019-13529 | Hig | 0.60 | 8.8 | 0.03 | Oct 9, 2019 | An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a… | ||
| CVE-2018-5744 | Hig | 0.49 | 7.5 | 0.03 | Oct 9, 2019 | A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions… | ||
| CVE-2018-5743 | Hig | 0.49 | 7.5 | 0.06 | Oct 9, 2019 | By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to… | ||
| CVE-2018-5732 | Hig | 0.49 | 7.5 | 0.05 | Oct 9, 2019 | Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.… | ||
| CVE-2019-17372 | Hig | 0.53 | 8.1 | 0.02 | Oct 9, 2019 | Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A,… | ||
| CVE-2019-17370 | Hig | 0.47 | 7.2 | 0.02 | Oct 9, 2019 | OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file. | ||
| CVE-2019-17353 | Hig | 0.54 | 8.2 | 0.03 | Oct 9, 2019 | An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | ||
| CVE-2019-15719 | Hig | 0.52 | 8.0 | 0.02 | Oct 9, 2019 | Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | ||
| CVE-2019-13051 | Hig | 0.01 | 8.8 | 0.12 | Oct 9, 2019 | Pi-Hole 4.3 allows Command Injection. | ||
| CVE-2019-17186 | Hig | 0.58 | 8.8 | 0.06 | Oct 8, 2019 | /var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution. | ||
| CVE-2019-14846 | Hig | 0.44 | 7.8 | 0.01 | Oct 8, 2019 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not… | ||
| CVE-2019-10969 | Hig | 0.51 | 7.2 | 0.09 | Oct 8, 2019 | Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | ||
| CVE-2019-17187 | Hig | 0.50 | 7.5 | 0.11 | Oct 8, 2019 | /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. | ||
| CVE-2019-17359 | — | Hig | 0.49 | 7.5 | 0.09 | Oct 8, 2019 | The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | |
| CVE-2019-17352 | — | Hig | 0.49 | 7.5 | 0.02 | Oct 8, 2019 | In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain… | |
| CVE-2019-17107 | Hig | 0.50 | 8.8 | 0.04 | Oct 8, 2019 | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | ||
| CVE-2019-17104 | — | Hig | 0.49 | 7.5 | 0.02 | Oct 8, 2019 | In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |
| CVE-2019-16929 | — | Hig | 0.49 | 7.5 | 0.01 | Oct 8, 2019 | Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | |
| CVE-2019-14657 | Hig | 0.57 | 8.8 | 0.04 | Oct 8, 2019 | Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password… | ||
| CVE-2019-14656 | Hig | 0.57 | 8.8 | 0.02 | Oct 8, 2019 | Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | ||
| CVE-2018-21023 | Hig | 0.00 | 8.8 | 0.03 | Oct 8, 2019 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | ||
| CVE-2018-21022 | Hig | 0.00 | 8.8 | 0.02 | Oct 8, 2019 | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | ||
| CVE-2018-21021 | Hig | 0.00 | 8.8 | 0.02 | Oct 8, 2019 | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | ||
| CVE-2018-21020 | Hig | 0.00 | 7.5 | 0.02 | Oct 8, 2019 | In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | ||
| CVE-2019-17262 | Hig | 0.51 | 7.8 | 0.00 | Oct 8, 2019 | XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0. | ||
| CVE-2019-17261 | Hig | 0.51 | 7.8 | 0.00 | Oct 8, 2019 | XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51. | ||
| CVE-2019-17260 | Hig | 0.51 | 7.8 | 0.00 | Oct 8, 2019 | MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e. | ||
| CVE-2019-17259 | Hig | 0.51 | 7.8 | 0.00 | Oct 8, 2019 | KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. | ||
| CVE-2019-17258 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c. | ||
| CVE-2019-17256 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203. | ||
| CVE-2019-17255 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836. | ||
| CVE-2019-17254 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101. | ||
| CVE-2019-17253 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. | ||
| CVE-2019-17252 | Hig | 0.51 | 7.8 | 0.03 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115. | ||
| CVE-2019-17251 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43. | ||
| CVE-2019-17250 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5. | ||
| CVE-2019-17249 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b. | ||
| CVE-2019-17248 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6. | ||
| CVE-2019-17247 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8. | ||
| CVE-2019-17246 | Hig | 0.51 | 7.8 | 0.02 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c. | ||
| CVE-2019-17245 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2019 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359. |
- risk 0.57cvss 8.8epss 0.02
A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions…
- risk 0.00cvss 7.5epss 0.01
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
- risk 0.49cvss 7.5epss 0.02
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.
- risk 0.49cvss 7.5epss 0.03
In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure.…
- risk 0.49cvss 7.5epss 0.05
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to…
- risk 0.51cvss 7.8epss 0.01
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
- risk 0.57cvss 8.8epss 0.01
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
- risk 0.49cvss 7.5epss 0.02
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the…
- risk 0.05cvss 7.5epss 0.65
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for…
- risk 0.60cvss 8.8epss 0.03
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a…
- risk 0.49cvss 7.5epss 0.03
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions…
- risk 0.49cvss 7.5epss 0.06
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to…
- risk 0.49cvss 7.5epss 0.05
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.…
- risk 0.53cvss 8.1epss 0.02
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A,…
- risk 0.47cvss 7.2epss 0.02
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.
- risk 0.54cvss 8.2epss 0.03
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
- risk 0.52cvss 8.0epss 0.02
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.
- risk 0.01cvss 8.8epss 0.12
Pi-Hole 4.3 allows Command Injection.
- risk 0.58cvss 8.8epss 0.06
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.
- risk 0.44cvss 7.8epss 0.01
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not…
- risk 0.51cvss 7.2epss 0.09
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
- risk 0.50cvss 7.5epss 0.11
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
- risk 0.49cvss 7.5epss 0.09
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
- risk 0.49cvss 7.5epss 0.02
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain…
- risk 0.50cvss 8.8epss 0.04
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
- risk 0.49cvss 7.5epss 0.02
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
- risk 0.49cvss 7.5epss 0.01
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
- risk 0.57cvss 8.8epss 0.04
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password…
- risk 0.57cvss 8.8epss 0.02
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.
- risk 0.00cvss 8.8epss 0.03
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
- risk 0.00cvss 8.8epss 0.02
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
- risk 0.00cvss 8.8epss 0.02
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
- risk 0.00cvss 7.5epss 0.02
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
- risk 0.51cvss 7.8epss 0.00
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
- risk 0.51cvss 7.8epss 0.00
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
- risk 0.51cvss 7.8epss 0.00
MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e.
- risk 0.51cvss 7.8epss 0.00
KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.
- risk 0.51cvss 7.8epss 0.03
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.
- risk 0.51cvss 7.8epss 0.02
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.