| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14960 | Hig | 0.51 | 7.8 | 0.00 | Oct 1, 2019 | JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. | ||
| CVE-2019-10435 | Hig | 0.49 | 7.5 | 0.01 | Oct 1, 2019 | Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||
| CVE-2019-10434 | Hig | 0.49 | 7.5 | 0.01 | Oct 1, 2019 | Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2019-16508 | Hig | 0.51 | 7.8 | 0.01 | Oct 1, 2019 | The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU… | ||
| CVE-2019-3732 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to… | ||
| CVE-2019-3731 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving… | ||
| CVE-2019-3730 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could… | ||
| CVE-2019-3728 | Hig | 0.49 | 7.5 | 0.02 | Sep 30, 2019 | RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read… | ||
| CVE-2019-17051 | Hig | 0.51 | 7.8 | 0.02 | Sep 30, 2019 | Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | ||
| CVE-2019-13124 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). | ||
| CVE-2019-13123 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). | ||
| CVE-2019-17050 | Hig | 0.47 | 7.2 | 0.01 | Sep 30, 2019 | An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a… | ||
| CVE-2019-17049 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. | ||
| CVE-2019-16276 | Hig | 0.42 | 7.5 | 0.05 | Sep 30, 2019 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | ||
| CVE-2019-13466 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available. | ||
| CVE-2019-2341 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2019-2333 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in… | ||
| CVE-2019-2284 | Hig | 0.46 | 7.0 | 0.00 | Sep 30, 2019 | Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215,… | ||
| CVE-2019-10510 | Hig | 0.53 | 8.2 | 0.01 | Sep 30, 2019 | BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 /… | ||
| CVE-2019-10508 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2019-10507 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206,… | ||
| CVE-2019-10506 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon… | ||
| CVE-2019-10501 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607,… | ||
| CVE-2019-10499 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD… | ||
| CVE-2019-10498 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,… | ||
| CVE-2019-10497 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,… | ||
| CVE-2019-10492 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2019 | Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439 | ||
| CVE-2019-10489 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607,… | ||
| CVE-2019-17046 | Hig | 0.47 | 7.2 | 0.04 | Sep 30, 2019 | Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. | ||
| CVE-2019-16997 | Hig | 0.51 | 7.2 | 0.49 | Sep 30, 2019 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. | ||
| CVE-2019-16996 | Hig | 0.48 | 7.2 | 0.12 | Sep 30, 2019 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. | ||
| CVE-2019-16995 | Hig | 0.42 | 7.5 | 0.04 | Sep 30, 2019 | In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. | ||
| CVE-2019-16745 | Hig | 0.57 | 8.8 | 0.02 | Sep 30, 2019 | eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. | ||
| CVE-2019-16744 | Hig | 0.57 | 8.8 | 0.02 | Sep 30, 2019 | eBrigade before 5.0 has evenements.php cid SQL Injection. | ||
| CVE-2019-16743 | Hig | 0.57 | 8.8 | 0.02 | Sep 30, 2019 | eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | ||
| CVE-2017-18636 | Hig | 0.49 | 7.5 | 0.02 | Sep 30, 2019 | CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. | ||
| CVE-2019-16993 | — | Hig | 0.50 | 8.8 | 0.01 | Sep 30, 2019 | In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator… | |
| CVE-2019-16992 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2019 | The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's… | ||
| CVE-2019-3746 | Hig | 0.57 | 8.8 | 0.02 | Sep 27, 2019 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. | ||
| CVE-2019-3736 | Hig | 0.47 | 7.2 | 0.01 | Sep 27, 2019 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the… | ||
| CVE-2019-11927 | Hig | 0.51 | 7.8 | 0.01 | Sep 27, 2019 | An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version… | ||
| CVE-2019-9463 | Hig | 0.47 | 7.3 | 0.00 | Sep 27, 2019 | In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:… | ||
| CVE-2019-9462 | Hig | 0.49 | 7.5 | 0.01 | Sep 27, 2019 | In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2019-9432 | Hig | 0.49 | 7.5 | 0.01 | Sep 27, 2019 | In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | ||
| CVE-2019-9430 | Hig | 0.49 | 7.5 | 0.01 | Sep 27, 2019 | In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2019-9429 | Hig | 0.51 | 7.8 | 0.00 | Sep 27, 2019 | In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2019-9425 | Hig | 0.49 | 7.5 | 0.01 | Sep 27, 2019 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2019-9424 | Hig | 0.49 | 7.5 | 0.00 | Sep 27, 2019 | In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092 | ||
| CVE-2019-9423 | — | Hig | 0.51 | 7.8 | 0.00 | Sep 27, 2019 | In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions:… | |
| CVE-2019-9422 | Hig | 0.49 | 7.5 | 0.01 | Sep 27, 2019 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… |
- risk 0.51cvss 7.8epss 0.00
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
- risk 0.49cvss 7.5epss 0.01
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
- risk 0.49cvss 7.5epss 0.01
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- risk 0.51cvss 7.8epss 0.01
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU…
- risk 0.49cvss 7.5epss 0.01
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to…
- risk 0.49cvss 7.5epss 0.01
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving…
- risk 0.49cvss 7.5epss 0.01
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could…
- risk 0.49cvss 7.5epss 0.02
RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read…
- risk 0.51cvss 7.8epss 0.02
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.
- risk 0.49cvss 7.5epss 0.01
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).
- risk 0.49cvss 7.5epss 0.01
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a…
- risk 0.49cvss 7.5epss 0.01
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
- risk 0.42cvss 7.5epss 0.05
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
- risk 0.49cvss 7.5epss 0.01
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.
- risk 0.51cvss 7.8epss 0.00
Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.51cvss 7.8epss 0.00
Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…
- risk 0.46cvss 7.0epss 0.00
Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215,…
- risk 0.53cvss 8.2epss 0.01
BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 /…
- risk 0.51cvss 7.8epss 0.00
Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.51cvss 7.8epss 0.00
Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206,…
- risk 0.51cvss 7.8epss 0.00
While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon…
- risk 0.51cvss 7.8epss 0.00
Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607,…
- risk 0.51cvss 7.8epss 0.00
Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD…
- risk 0.51cvss 7.8epss 0.00
Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,…
- risk 0.51cvss 7.8epss 0.00
Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…
- risk 0.51cvss 7.8epss 0.00
Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439
- risk 0.49cvss 7.5epss 0.01
Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607,…
- risk 0.47cvss 7.2epss 0.04
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.
- risk 0.51cvss 7.2epss 0.49
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
- risk 0.48cvss 7.2epss 0.12
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
- risk 0.42cvss 7.5epss 0.04
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
- risk 0.57cvss 8.8epss 0.02
eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.
- risk 0.57cvss 8.8epss 0.02
eBrigade before 5.0 has evenements.php cid SQL Injection.
- risk 0.57cvss 8.8epss 0.02
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.
- risk 0.49cvss 7.5epss 0.02
CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.
- risk 0.50cvss 8.8epss 0.01
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator…
- risk 0.49cvss 7.5epss 0.01
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's…
- risk 0.57cvss 8.8epss 0.02
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
- risk 0.47cvss 7.2epss 0.01
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the…
- risk 0.51cvss 7.8epss 0.01
An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version…
- risk 0.47cvss 7.3epss 0.00
In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:…
- risk 0.49cvss 7.5epss 0.01
In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- risk 0.49cvss 7.5epss 0.01
In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- risk 0.49cvss 7.5epss 0.01
In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- risk 0.51cvss 7.8epss 0.00
In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- risk 0.49cvss 7.5epss 0.01
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- risk 0.49cvss 7.5epss 0.00
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092
- risk 0.51cvss 7.8epss 0.00
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions:…
- risk 0.49cvss 7.5epss 0.01
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…