| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15597 | — | Cri | 0.64 | 9.8 | 0.03 | Dec 18, 2019 | A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input. | |
| CVE-2019-5081 | Cri | 0.64 | 9.8 | 0.05 | Dec 18, 2019 | An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer… | ||
| CVE-2019-5077 | Cri | 0.59 | 9.1 | 0.02 | Dec 18, 2019 | An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial… | ||
| CVE-2019-5074 | Cri | 0.64 | 9.8 | 0.03 | Dec 18, 2019 | An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets… | ||
| CVE-2019-19690 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | ||
| CVE-2019-19844 | — | Cri | 0.62 | 9.8 | 0.35 | Dec 18, 2019 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token… | |
| CVE-2019-8849 | — | Cri | 0.57 | 9.8 | 0.02 | Dec 18, 2019 | The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code. | |
| CVE-2019-8779 | Cri | 0.65 | 10.0 | 0.01 | Dec 18, 2019 | A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. | ||
| CVE-2019-8750 | Cri | 0.64 | 9.8 | 0.02 | Dec 18, 2019 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt. | ||
| CVE-2019-8662 | Cri | 0.67 | 9.8 | 0.10 | Dec 18, 2019 | This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary. | ||
| CVE-2019-8661 | Cri | 0.67 | 9.8 | 0.10 | Dec 18, 2019 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2019-8660 | Cri | 0.68 | 9.8 | 0.14 | Dec 18, 2019 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | ||
| CVE-2019-8648 | Cri | 0.64 | 9.8 | 0.03 | Dec 18, 2019 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2019-8647 | Cri | 0.68 | 9.8 | 0.13 | Dec 18, 2019 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2019-8641 | Cri | 0.68 | 9.8 | 0.17 | Dec 18, 2019 | An out-of-bounds read was addressed with improved input validation. | ||
| CVE-2019-8617 | Cri | 0.62 | 9.6 | 0.01 | Dec 18, 2019 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions. | ||
| CVE-2019-8613 | Cri | 0.68 | 9.8 | 0.13 | Dec 18, 2019 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2019-8600 | Cri | 0.65 | 9.8 | 0.20 | Dec 18, 2019 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution. | ||
| CVE-2019-8562 | Cri | 0.63 | 9.6 | 0.01 | Dec 18, 2019 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. | ||
| CVE-2019-8527 | Cri | 0.59 | 9.1 | 0.03 | Dec 18, 2019 | A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2019-7290 | Cri | 0.65 | 10.0 | 0.01 | Dec 18, 2019 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions. | ||
| CVE-2019-4716 | Cri | 0.86 | 9.8 | 0.86 | KEV | Dec 18, 2019 | IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | |
| CVE-2019-11400 | Cri | 0.65 | 9.8 | 0.17 | Dec 18, 2019 | An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. | ||
| CVE-2019-11399 | Cri | 0.64 | 9.8 | 0.03 | Dec 18, 2019 | An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. | ||
| CVE-2019-2242 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2019-10614 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer… | ||
| CVE-2019-10572 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon… | ||
| CVE-2019-10557 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009,… | ||
| CVE-2019-10525 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,… | ||
| CVE-2019-10516 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in… | ||
| CVE-2019-10500 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2019-10487 | Cri | 0.64 | 9.8 | 0.01 | Dec 18, 2019 | Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2019-19846 | Cri | 0.64 | 9.8 | 0.02 | Dec 18, 2019 | In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. | ||
| CVE-2019-18257 | Cri | 0.64 | 9.8 | 0.03 | Dec 17, 2019 | In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the… | ||
| CVE-2019-19634 | — | Cri | 0.64 | 9.8 | 0.04 | Dec 17, 2019 | class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. | |
| CVE-2019-18956 | Cri | 0.64 | 9.8 | 0.06 | Dec 17, 2019 | Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The… | ||
| CVE-2019-19826 | Cri | 0.64 | 9.8 | 0.02 | Dec 16, 2019 | The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code… | ||
| CVE-2019-18269 | Cri | 0.64 | 9.8 | 0.01 | Dec 16, 2019 | Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | ||
| CVE-2019-18261 | Cri | 0.64 | 9.8 | 0.01 | Dec 16, 2019 | In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to… | ||
| CVE-2019-18259 | Cri | 0.64 | 9.8 | 0.02 | Dec 16, 2019 | In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. | ||
| CVE-2019-18830 | Cri | 0.64 | 9.8 | 0.04 | Dec 16, 2019 | Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could… | ||
| CVE-2019-18826 | Cri | 0.64 | 9.8 | 0.01 | Dec 16, 2019 | Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate… | ||
| CVE-2014-8650 | — | Cri | 0.57 | 9.8 | 0.04 | Dec 15, 2019 | python-requests-Kerberos through 0.5 does not handle mutual authentication | |
| CVE-2014-3699 | Cri | 0.64 | 9.8 | 0.02 | Dec 15, 2019 | eDeploy has RCE via cPickle deserialization of untrusted data | ||
| CVE-2019-17364 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2019 | The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | ||
| CVE-2019-16737 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2019 | The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | ||
| CVE-2019-16736 | Cri | 0.64 | 9.8 | 0.03 | Dec 13, 2019 | A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | ||
| CVE-2019-16735 | Cri | 0.64 | 9.8 | 0.03 | Dec 13, 2019 | A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | ||
| CVE-2019-16734 | Cri | 0.64 | 9.8 | 0.03 | Dec 13, 2019 | Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | ||
| CVE-2019-16733 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2019 | processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. |
- risk 0.64cvss 9.8epss 0.03
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
- risk 0.64cvss 9.8epss 0.05
An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer…
- risk 0.59cvss 9.1epss 0.02
An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial…
- risk 0.64cvss 9.8epss 0.03
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets…
- risk 0.64cvss 9.8epss 0.01
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
- risk 0.62cvss 9.8epss 0.35
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token…
- risk 0.57cvss 9.8epss 0.02
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code.
- risk 0.65cvss 10.0epss 0.01
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.
- risk 0.64cvss 9.8epss 0.02
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.
- risk 0.67cvss 9.8epss 0.10
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
- risk 0.67cvss 9.8epss 0.10
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.
- risk 0.68cvss 9.8epss 0.14
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- risk 0.64cvss 9.8epss 0.03
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
- risk 0.68cvss 9.8epss 0.13
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
- risk 0.68cvss 9.8epss 0.17
An out-of-bounds read was addressed with improved input validation.
- risk 0.62cvss 9.6epss 0.01
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.
- risk 0.68cvss 9.8epss 0.13
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
- risk 0.65cvss 9.8epss 0.20
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
- risk 0.63cvss 9.6epss 0.01
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.
- risk 0.59cvss 9.1epss 0.03
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.65cvss 10.0epss 0.01
An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.
- risk 0.86cvss 9.8epss 0.86
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
- risk 0.65cvss 9.8epss 0.17
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.
- risk 0.64cvss 9.8epss 0.01
Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.64cvss 9.8epss 0.01
Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer…
- risk 0.64cvss 9.8epss 0.01
Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…
- risk 0.64cvss 9.8epss 0.01
Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009,…
- risk 0.64cvss 9.8epss 0.01
Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…
- risk 0.64cvss 9.8epss 0.01
Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…
- risk 0.64cvss 9.8epss 0.01
While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.64cvss 9.8epss 0.01
Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.64cvss 9.8epss 0.02
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
- risk 0.64cvss 9.8epss 0.03
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the…
- risk 0.64cvss 9.8epss 0.04
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
- risk 0.64cvss 9.8epss 0.06
Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The…
- risk 0.64cvss 9.8epss 0.02
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code…
- risk 0.64cvss 9.8epss 0.01
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
- risk 0.64cvss 9.8epss 0.01
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to…
- risk 0.64cvss 9.8epss 0.02
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.
- risk 0.64cvss 9.8epss 0.04
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could…
- risk 0.64cvss 9.8epss 0.01
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate…
- risk 0.57cvss 9.8epss 0.04
python-requests-Kerberos through 0.5 does not handle mutual authentication
- risk 0.64cvss 9.8epss 0.02
eDeploy has RCE via cPickle deserialization of untrusted data
- risk 0.64cvss 9.8epss 0.04
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
- risk 0.64cvss 9.8epss 0.04
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
- risk 0.64cvss 9.8epss 0.03
A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
- risk 0.64cvss 9.8epss 0.03
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
- risk 0.64cvss 9.8epss 0.03
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
- risk 0.64cvss 9.8epss 0.04
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.