| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10979 | Cri | 0.64 | 9.8 | 0.03 | Jul 1, 2019 | SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. | ||
| CVE-2019-7276 | Cri | 0.74 | 9.8 | 0.93 | Jul 1, 2019 | Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. | ||
| CVE-2019-7668 | Cri | 0.64 | 9.8 | 0.02 | Jul 1, 2019 | Prima Systems FlexAir devices have Default Credentials. | ||
| CVE-2019-7667 | Cri | 0.64 | 9.8 | 0.04 | Jul 1, 2019 | Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and… | ||
| CVE-2019-13131 | Cri | 0.64 | 9.8 | 0.04 | Jul 1, 2019 | Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. | ||
| CVE-2019-4336 | Cri | 0.64 | 9.8 | 0.02 | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | ||
| CVE-2019-13107 | Cri | 0.00 | 9.8 | 0.02 | Jun 30, 2019 | Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c | ||
| CVE-2019-13086 | Cri | 0.66 | 9.8 | 0.32 | Jun 30, 2019 | core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | ||
| CVE-2019-13082 | Cri | 0.64 | 9.8 | 0.04 | Jun 30, 2019 | Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php… | ||
| CVE-2019-13067 | Cri | 0.64 | 9.8 | 0.02 | Jun 30, 2019 | njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | ||
| CVE-2019-10993 | Cri | 0.65 | 9.8 | 0.11 | Jun 28, 2019 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | ||
| CVE-2019-10991 | Cri | 0.64 | 9.8 | 0.09 | Jun 28, 2019 | In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | ||
| CVE-2019-10989 | Cri | 0.64 | 9.8 | 0.09 | Jun 28, 2019 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability… | ||
| CVE-2019-10985 | Cri | 0.59 | 9.1 | 0.03 | Jun 28, 2019 | In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | ||
| CVE-2018-20813 | Cri | 0.64 | 9.8 | 0.03 | Jun 28, 2019 | An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | ||
| CVE-2018-20810 | Cri | 0.64 | 9.8 | 0.02 | Jun 28, 2019 | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | ||
| CVE-2018-14916 | Cri | 0.61 | 9.1 | 0.17 | Jun 28, 2019 | LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | ||
| CVE-2018-14885 | Cri | 0.64 | 9.8 | 0.02 | Jun 28, 2019 | Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds. | ||
| CVE-2018-15519 | Cri | 0.64 | 9.8 | 0.01 | Jun 28, 2019 | Various Lexmark devices have a Buffer Overflow (issue 1 of 2). | ||
| CVE-2018-15520 | Cri | 0.64 | 9.8 | 0.01 | Jun 28, 2019 | Various Lexmark devices have a Buffer Overflow (issue 2 of 2). | ||
| CVE-2018-15555 | Cri | 0.64 | 9.8 | 0.03 | Jun 28, 2019 | On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. | ||
| CVE-2018-15556 | Cri | 0.64 | 9.8 | 0.03 | Jun 27, 2019 | The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. | ||
| CVE-2019-12583 | Cri | 0.63 | 9.1 | 0.44 | Jun 27, 2019 | Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | ||
| CVE-2019-1620 | Cri | 0.73 | 9.8 | 0.84 | Jun 27, 2019 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software.… | ||
| CVE-2019-1619 | Cri | 0.73 | 9.8 | 0.83 | Jun 27, 2019 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due… | ||
| CVE-2019-9039 | — | Cri | 0.57 | 9.8 | 0.03 | Jun 26, 2019 | In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint.… | |
| CVE-2019-6168 | Cri | 0.64 | 9.8 | 0.02 | Jun 26, 2019 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | ||
| CVE-2019-6167 | Cri | 0.64 | 9.8 | 0.02 | Jun 26, 2019 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | ||
| CVE-2019-12966 | Cri | 0.64 | 9.8 | 0.02 | Jun 26, 2019 | FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | ||
| CVE-2019-12960 | Cri | 0.64 | 9.8 | 0.01 | Jun 25, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | ||
| CVE-2019-12951 | Cri | 0.00 | 9.8 | 0.02 | Jun 24, 2019 | An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow. | ||
| CVE-2017-17945 | Cri | 0.59 | 9.1 | 0.01 | Jun 24, 2019 | The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | ||
| CVE-2019-12939 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | ||
| CVE-2019-12292 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2019 | Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. | ||
| CVE-2019-12929 | Cri | 0.64 | 9.8 | 0.05 | Jun 24, 2019 | The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a… | ||
| CVE-2019-12928 | Cri | 0.69 | 9.8 | 0.23 | Jun 24, 2019 | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been… | ||
| CVE-2019-11011 | Cri | 0.64 | 9.8 | 0.03 | Jun 21, 2019 | Akamai CloudTest before 58.30 allows remote code execution. | ||
| CVE-2018-15868 | Cri | 0.64 | 9.8 | 0.02 | Jun 21, 2019 | SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. | ||
| CVE-2018-15747 | — | Cri | 0.64 | 9.8 | 0.04 | Jun 21, 2019 | The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file. | |
| CVE-2016-7404 | — | Cri | 0.57 | 9.8 | 0.02 | Jun 21, 2019 | OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to… | |
| CVE-2019-12920 | Cri | 0.64 | 9.8 | 0.02 | Jun 20, 2019 | On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt. | ||
| CVE-2019-8459 | Cri | 0.64 | 9.8 | 0.01 | Jun 20, 2019 | Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one. | ||
| CVE-2018-15890 | — | Cri | 0.64 | 9.8 | 0.03 | Jun 20, 2019 | An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server. | |
| CVE-2017-17944 | Cri | 0.59 | 9.1 | 0.01 | Jun 20, 2019 | The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | ||
| CVE-2019-1848 | Cri | 0.61 | 9.3 | 0.01 | Jun 20, 2019 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system… | ||
| CVE-2019-2729 | Cri | 0.74 | 9.8 | 0.89 | Jun 19, 2019 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access… | ||
| CVE-2019-12900 | Cri | 0.64 | 9.8 | 0.08 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | ||
| CVE-2019-12899 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. | ||
| CVE-2019-12898 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e. | ||
| CVE-2019-2007 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2019 | In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed… |
- risk 0.64cvss 9.8epss 0.03
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
- risk 0.74cvss 9.8epss 0.93
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
- risk 0.64cvss 9.8epss 0.02
Prima Systems FlexAir devices have Default Credentials.
- risk 0.64cvss 9.8epss 0.04
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and…
- risk 0.64cvss 9.8epss 0.04
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
- risk 0.64cvss 9.8epss 0.02
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.
- risk 0.00cvss 9.8epss 0.02
Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c
- risk 0.66cvss 9.8epss 0.32
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
- risk 0.64cvss 9.8epss 0.04
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php…
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
- risk 0.65cvss 9.8epss 0.11
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.09
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
- risk 0.64cvss 9.8epss 0.09
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability…
- risk 0.59cvss 9.1epss 0.03
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
- risk 0.64cvss 9.8epss 0.03
An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.
- risk 0.64cvss 9.8epss 0.02
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
- risk 0.61cvss 9.1epss 0.17
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
- risk 0.64cvss 9.8epss 0.02
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.
- risk 0.64cvss 9.8epss 0.01
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
- risk 0.64cvss 9.8epss 0.01
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
- risk 0.64cvss 9.8epss 0.03
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.
- risk 0.64cvss 9.8epss 0.03
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
- risk 0.63cvss 9.1epss 0.44
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
- risk 0.73cvss 9.8epss 0.84
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software.…
- risk 0.73cvss 9.8epss 0.83
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due…
- risk 0.57cvss 9.8epss 0.03
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint.…
- risk 0.64cvss 9.8epss 0.02
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
- risk 0.64cvss 9.8epss 0.02
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
- risk 0.64cvss 9.8epss 0.02
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.
- risk 0.64cvss 9.8epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
- risk 0.00cvss 9.8epss 0.02
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
- risk 0.59cvss 9.1epss 0.01
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
- risk 0.64cvss 9.8epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
- risk 0.64cvss 9.8epss 0.01
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
- risk 0.64cvss 9.8epss 0.05
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a…
- risk 0.69cvss 9.8epss 0.23
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been…
- risk 0.64cvss 9.8epss 0.03
Akamai CloudTest before 58.30 allows remote code execution.
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.
- risk 0.64cvss 9.8epss 0.04
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
- risk 0.57cvss 9.8epss 0.02
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to…
- risk 0.64cvss 9.8epss 0.02
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.
- risk 0.64cvss 9.8epss 0.01
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.
- risk 0.59cvss 9.1epss 0.01
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
- risk 0.61cvss 9.3epss 0.01
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system…
- risk 0.74cvss 9.8epss 0.89
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…
- risk 0.64cvss 9.8epss 0.08
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- risk 0.64cvss 9.8epss 0.02
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3.
- risk 0.64cvss 9.8epss 0.02
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.
- risk 0.64cvss 9.8epss 0.01
In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed…