| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2006 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2019 | In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2019-12890 | Cri | 0.64 | 9.8 | 0.06 | Jun 19, 2019 | RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | ||
| CVE-2018-17388 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php. | ||
| CVE-2018-17386 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/. | ||
| CVE-2018-17381 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | ||
| CVE-2018-17374 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. | ||
| CVE-2018-17148 | Cri | 0.64 | 9.8 | 0.04 | Jun 19, 2019 | An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | ||
| CVE-2018-16618 | Cri | 0.64 | 9.8 | 0.08 | Jun 19, 2019 | VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of… | ||
| CVE-2018-16613 | Cri | 0.64 | 9.8 | 0.03 | Jun 19, 2019 | An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction. | ||
| CVE-2019-11232 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element. | ||
| CVE-2018-17842 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | ||
| CVE-2018-17841 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | ||
| CVE-2018-17840 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | ||
| CVE-2018-17399 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. | ||
| CVE-2018-17398 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. | ||
| CVE-2018-17393 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. | ||
| CVE-2018-15506 | Cri | 0.64 | 9.8 | 0.05 | Jun 19, 2019 | In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same… | ||
| CVE-2018-18758 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757. | ||
| CVE-2018-18757 | Cri | 0.64 | 9.8 | 0.02 | Jun 19, 2019 | Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. | ||
| CVE-2018-18472 | Cri | 0.66 | 9.8 | 0.30 | Jun 19, 2019 | Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device,… | ||
| CVE-2018-18471 | Cri | 0.64 | 9.8 | 0.08 | Jun 19, 2019 | /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of… | ||
| CVE-2018-18406 | Cri | 0.65 | 9.9 | 0.02 | Jun 19, 2019 | An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind… | ||
| CVE-2019-6971 | Cri | 0.68 | 9.8 | 0.14 | Jun 19, 2019 | An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials. | ||
| CVE-2019-3954 | Cri | 0.64 | 9.8 | 0.04 | Jun 19, 2019 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | ||
| CVE-2019-11040 | Cri | 0.59 | 9.1 | 0.04 | Jun 19, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This… | ||
| CVE-2019-11039 | Cri | 0.59 | 9.1 | 0.03 | Jun 19, 2019 | Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. | ||
| CVE-2019-3953 | Cri | 0.64 | 9.8 | 0.04 | Jun 18, 2019 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | ||
| CVE-2019-12874 | Cri | 0.64 | 9.8 | 0.02 | Jun 18, 2019 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | ||
| CVE-2019-5016 | Cri | 0.59 | 9.1 | 0.04 | Jun 17, 2019 | An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause… | ||
| CVE-2019-7158 | Cri | 0.64 | 9.8 | 0.02 | Jun 17, 2019 | OX App Suite 7.10.0 and earlier has Incorrect Access Control. | ||
| CVE-2017-9385 | Cri | 0.64 | 9.8 | 0.04 | Jun 17, 2019 | An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password… | ||
| CVE-2017-9383 | Cri | 0.65 | 9.9 | 0.03 | Jun 17, 2019 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service… | ||
| CVE-2019-12550 | Cri | 0.64 | 9.8 | 0.03 | Jun 17, 2019 | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET. | ||
| CVE-2019-12549 | Cri | 0.64 | 9.8 | 0.03 | Jun 17, 2019 | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key. | ||
| CVE-2019-6327 | Cri | 0.64 | 9.8 | 0.02 | Jun 17, 2019 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow. | ||
| CVE-2018-20469 | Cri | 0.68 | 9.8 | 0.19 | Jun 17, 2019 | An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. | ||
| CVE-2019-12835 | Cri | 0.64 | 9.8 | 0.02 | Jun 15, 2019 | formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping. | ||
| CVE-2019-2259 | Cri | 0.64 | 9.8 | 0.01 | Jun 14, 2019 | Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2019-2256 | Cri | 0.64 | 9.8 | 0.02 | Jun 14, 2019 | An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,… | ||
| CVE-2019-2255 | Cri | 0.64 | 9.8 | 0.02 | Jun 14, 2019 | An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,… | ||
| CVE-2018-6350 | Cri | 0.64 | 9.8 | 0.02 | Jun 14, 2019 | An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to… | ||
| CVE-2018-6349 | Cri | 0.64 | 9.8 | 0.02 | Jun 14, 2019 | When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132. | ||
| CVE-2018-6339 | Cri | 0.64 | 9.8 | 0.02 | Jun 14, 2019 | When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in… | ||
| CVE-2018-20655 | Cri | 0.64 | 9.8 | 0.02 | Jun 14, 2019 | When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24. | ||
| CVE-2018-13911 | Cri | 0.64 | 9.8 | 0.01 | Jun 14, 2019 | Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,… | ||
| CVE-2018-13906 | Cri | 0.59 | 9.1 | 0.01 | Jun 14, 2019 | The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,… | ||
| CVE-2018-13898 | Cri | 0.64 | 9.8 | 0.01 | Jun 14, 2019 | Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607,… | ||
| CVE-2018-11955 | Cri | 0.64 | 9.8 | 0.01 | Jun 14, 2019 | Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,… | ||
| CVE-2019-10126 | Cri | 0.64 | 9.8 | 0.07 | Jun 14, 2019 | A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | ||
| CVE-2019-10959 | Cri | 0.65 | 10.0 | 0.03 | Jun 13, 2019 | BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS,… |
- risk 0.64cvss 9.8epss 0.01
In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.64cvss 9.8epss 0.06
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
- risk 0.64cvss 9.8epss 0.04
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
- risk 0.64cvss 9.8epss 0.08
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
- risk 0.64cvss 9.8epss 0.02
EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element.
- risk 0.64cvss 9.8epss 0.02
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
- risk 0.64cvss 9.8epss 0.02
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
- risk 0.64cvss 9.8epss 0.02
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
- risk 0.64cvss 9.8epss 0.05
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same…
- risk 0.64cvss 9.8epss 0.02
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
- risk 0.64cvss 9.8epss 0.02
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
- risk 0.66cvss 9.8epss 0.30
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device,…
- risk 0.64cvss 9.8epss 0.08
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of…
- risk 0.65cvss 9.9epss 0.02
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind…
- risk 0.68cvss 9.8epss 0.14
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.
- risk 0.64cvss 9.8epss 0.04
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
- risk 0.59cvss 9.1epss 0.04
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This…
- risk 0.59cvss 9.1epss 0.03
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
- risk 0.64cvss 9.8epss 0.04
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
- risk 0.59cvss 9.1epss 0.04
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause…
- risk 0.64cvss 9.8epss 0.02
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password…
- risk 0.65cvss 9.9epss 0.03
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service…
- risk 0.64cvss 9.8epss 0.03
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
- risk 0.64cvss 9.8epss 0.03
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
- risk 0.64cvss 9.8epss 0.02
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.
- risk 0.68cvss 9.8epss 0.19
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
- risk 0.64cvss 9.8epss 0.02
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
- risk 0.64cvss 9.8epss 0.01
Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.64cvss 9.8epss 0.02
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…
- risk 0.64cvss 9.8epss 0.02
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…
- risk 0.64cvss 9.8epss 0.02
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to…
- risk 0.64cvss 9.8epss 0.02
When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.
- risk 0.64cvss 9.8epss 0.02
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in…
- risk 0.64cvss 9.8epss 0.02
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.
- risk 0.64cvss 9.8epss 0.01
Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,…
- risk 0.59cvss 9.1epss 0.01
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
- risk 0.64cvss 9.8epss 0.01
Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607,…
- risk 0.64cvss 9.8epss 0.01
Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
- risk 0.64cvss 9.8epss 0.07
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
- risk 0.65cvss 10.0epss 0.03
BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS,…