| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14771 | Cri | 0.64 | 9.8 | 0.03 | Aug 8, 2019 | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be… | ||
| CVE-2019-1895 | Cri | 0.64 | 9.8 | 0.02 | Aug 7, 2019 | A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The… | ||
| CVE-2019-5476 | Cri | 0.64 | 9.8 | 0.02 | Aug 7, 2019 | An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. | ||
| CVE-2019-14537 | — | Cri | 0.00 | 9.8 | 0.06 | Aug 7, 2019 | YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. | |
| CVE-2019-14746 | Cri | 0.64 | 9.8 | 0.01 | Aug 7, 2019 | A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | ||
| CVE-2018-20961 | Cri | 0.01 | 9.8 | 0.06 | Aug 7, 2019 | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2019-1913 | Cri | 0.69 | 9.8 | 0.26 | Aug 7, 2019 | Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating… | ||
| CVE-2019-1912 | Cri | 0.64 | 9.1 | 0.17 | Aug 7, 2019 | A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker… | ||
| CVE-2019-14709 | Cri | 0.64 | 9.8 | 0.02 | Aug 6, 2019 | A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further… | ||
| CVE-2019-14708 | Cri | 0.64 | 9.8 | 0.04 | Aug 6, 2019 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account. | ||
| CVE-2019-14704 | Cri | 0.64 | 9.8 | 0.02 | Aug 6, 2019 | An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. | ||
| CVE-2019-14702 | Cri | 0.64 | 9.8 | 0.02 | Aug 6, 2019 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. | ||
| CVE-2019-14699 | Cri | 0.64 | 9.8 | 0.06 | Aug 6, 2019 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web… | ||
| CVE-2019-14698 | Cri | 0.64 | 9.8 | 0.04 | Aug 6, 2019 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account. | ||
| CVE-2019-5685 | Cri | 0.64 | 9.8 | 0.05 | Aug 6, 2019 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. | ||
| CVE-2019-5684 | Cri | 0.65 | 10.0 | 0.05 | Aug 6, 2019 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. | ||
| CVE-2019-13143 | Cri | 0.64 | 9.8 | 0.03 | Aug 6, 2019 | An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to… | ||
| CVE-2019-14697 | Cri | 0.64 | 9.8 | 0.03 | Aug 6, 2019 | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. | ||
| CVE-2019-14695 | Cri | 0.64 | 9.8 | 0.03 | Aug 6, 2019 | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers… | ||
| CVE-2019-5502 | Cri | 0.59 | 9.1 | 0.01 | Aug 5, 2019 | SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | ||
| CVE-2019-14348 | Cri | 0.68 | 9.8 | 0.21 | Aug 5, 2019 | The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | ||
| CVE-2019-14551 | Cri | 0.64 | 9.8 | 0.01 | Aug 3, 2019 | Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | ||
| CVE-2019-14544 | — | Cri | 0.57 | 9.8 | 0.02 | Aug 2, 2019 | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | |
| CVE-2019-7163 | Cri | 0.64 | 9.8 | 0.02 | Aug 2, 2019 | The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | ||
| CVE-2019-9141 | Cri | 0.64 | 9.8 | 0.02 | Aug 2, 2019 | ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution. | ||
| CVE-2019-14532 | Cri | 0.64 | 9.8 | 0.02 | Aug 2, 2019 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. | ||
| CVE-2019-14531 | Cri | 0.64 | 9.8 | 0.02 | Aug 2, 2019 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. | ||
| CVE-2019-14529 | Cri | 0.02 | 9.8 | 0.28 | Aug 2, 2019 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | ||
| CVE-2019-10938 | Cri | 0.64 | 9.8 | 0.01 | Aug 2, 2019 | A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All… | ||
| CVE-2016-10817 | Cri | 0.64 | 9.8 | 0.02 | Aug 1, 2019 | cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | ||
| CVE-2019-14495 | Cri | 0.00 | 9.8 | 0.02 | Aug 1, 2019 | webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. | ||
| CVE-2016-10824 | Cri | 0.64 | 9.8 | 0.03 | Aug 1, 2019 | cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | ||
| CVE-2019-13572 | Cri | 0.64 | 9.8 | 0.02 | Aug 1, 2019 | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | ||
| CVE-2016-10858 | Cri | 0.64 | 9.8 | 0.03 | Aug 1, 2019 | cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | ||
| CVE-2016-10855 | Cri | 0.64 | 9.8 | 0.03 | Aug 1, 2019 | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | ||
| CVE-2018-20887 | Cri | 0.64 | 9.8 | 0.01 | Aug 1, 2019 | cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | ||
| CVE-2019-14463 | Cri | 0.00 | 9.1 | 0.02 | Jul 31, 2019 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. | ||
| CVE-2019-14462 | Cri | 0.00 | 9.1 | 0.02 | Jul 31, 2019 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | ||
| CVE-2019-12797 | — | Cri | 0.64 | 9.8 | 0.01 | Jul 31, 2019 | A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. | |
| CVE-2019-14204 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | ||
| CVE-2019-14203 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | ||
| CVE-2019-14202 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | ||
| CVE-2019-14201 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | ||
| CVE-2019-14200 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | ||
| CVE-2019-14199 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | ||
| CVE-2019-14198 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. | ||
| CVE-2019-14197 | Cri | 0.59 | 9.1 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | ||
| CVE-2019-14196 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. | ||
| CVE-2019-14195 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. | ||
| CVE-2019-14194 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2019 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. |
- risk 0.64cvss 9.8epss 0.03
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be…
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The…
- risk 0.64cvss 9.8epss 0.02
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.
- risk 0.00cvss 9.8epss 0.06
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
- risk 0.64cvss 9.8epss 0.01
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
- risk 0.01cvss 9.8epss 0.06
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.69cvss 9.8epss 0.26
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating…
- risk 0.64cvss 9.1epss 0.17
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker…
- risk 0.64cvss 9.8epss 0.02
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.
- risk 0.64cvss 9.8epss 0.02
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.
- risk 0.64cvss 9.8epss 0.06
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.
- risk 0.64cvss 9.8epss 0.05
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.
- risk 0.65cvss 10.0epss 0.05
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.
- risk 0.64cvss 9.8epss 0.03
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to…
- risk 0.64cvss 9.8epss 0.03
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
- risk 0.64cvss 9.8epss 0.03
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers…
- risk 0.59cvss 9.1epss 0.01
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
- risk 0.68cvss 9.8epss 0.21
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
- risk 0.64cvss 9.8epss 0.01
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.
- risk 0.57cvss 9.8epss 0.02
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
- risk 0.64cvss 9.8epss 0.02
The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.
- risk 0.64cvss 9.8epss 0.02
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.
- risk 0.02cvss 9.8epss 0.28
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
- risk 0.64cvss 9.8epss 0.01
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All…
- risk 0.64cvss 9.8epss 0.02
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
- risk 0.00cvss 9.8epss 0.02
webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.
- risk 0.64cvss 9.8epss 0.03
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
- risk 0.64cvss 9.8epss 0.02
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
- risk 0.64cvss 9.8epss 0.03
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
- risk 0.64cvss 9.8epss 0.03
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
- risk 0.64cvss 9.8epss 0.01
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
- risk 0.00cvss 9.1epss 0.02
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.
- risk 0.00cvss 9.1epss 0.02
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
- risk 0.64cvss 9.8epss 0.01
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.