Skip to main content
CVE-2019-12327 CRITICAL POC Act Now

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sp R50P Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-13096 CRITICAL POC Act Now

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wallet
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-12326 CRITICAL POC Act Now

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sp R50P Firmware
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-1010228 CRITICAL POC Act Now

OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Dcmtk +1
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-1010234 CRITICAL POC Act Now

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Network Operating System
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12328 HIGH POC This Week

A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A10W Firmware
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2019-12325 HIGH POC This Week

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Uc902 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-1010218 HIGH POC This Week

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cherokee Web Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-13097 HIGH POC This Week

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Decorate Home Project
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-12324 HIGH POC This Week

A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sp R50P Firmware
NVD
CVSS 3.0
7.2
EPSS
4.3%
CVE-2019-13100 MEDIUM POC This Month

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Send Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-13099 MEDIUM POC This Month

The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Momo
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-13098 MEDIUM POC This Month

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Wallet
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-1010232 MEDIUM POC This Month

Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Buffer Overflow Memory Corruption Libslax
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-2287 CRITICAL PATCH Act Now

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9206 Firmware +40
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2279 CRITICAL PATCH Act Now

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9607 Firmware +36
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2269 CRITICAL PATCH Act Now

Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9650 Firmware Msm8996au Firmware +21
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-12552 MEDIUM POC This Month

In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow 010 Editor
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2019-12551 MEDIUM POC This Month

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption 010 Editor
NVD GitHub
CVSS 3.0
5.5
EPSS
2.1%
CVE-2019-1010235 MEDIUM POC This Month

Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frog Cms
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-4267 HIGH PATCH This Week

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM RCE Spectrum Protect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-2292 HIGH PATCH This Week

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9650 Firmware +29
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2277 HIGH PATCH This Week

Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Msm8996au Firmware Qcs405 Firmware +26
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2264 HIGH PATCH This Week

Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9607 Firmware +25
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2260 HIGH PATCH This Week

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-9959 MEDIUM This Month

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Poppler Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-1010237 MEDIUM PATCH This Month

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-2261 MEDIUM This Month

Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Information Disclosure Ipq8074 Firmware Mdm9150 Firmware +40
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2243 MEDIUM This Month

Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Mdm9206 Firmware Mdm9607 Firmware +36
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-3414 MEDIUM This Month

All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Zte Otcp Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2019-4236 MEDIUM PATCH This Month

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

HP IBM Information Disclosure Spectrum Protect
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-1010220 LOW PATCH Monitor

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Tcpdump
NVD GitHub
CVSS 3.0
3.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy