Skip to main content
CVE-2019-12328 HIGH POC This Week

A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A10W Firmware
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2019-12325 HIGH POC This Week

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Uc902 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-1010218 HIGH POC This Week

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cherokee Web Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-13097 HIGH POC This Week

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Decorate Home Project
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-12324 HIGH POC This Week

A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sp R50P Firmware
NVD
CVSS 3.0
7.2
EPSS
4.3%
CVE-2019-4267 HIGH PATCH This Week

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM RCE Spectrum Protect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-2292 HIGH PATCH This Week

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9650 Firmware +29
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2277 HIGH PATCH This Week

Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Msm8996au Firmware Qcs405 Firmware +26
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2264 HIGH PATCH This Week

Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9607 Firmware +25
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2260 HIGH PATCH This Week

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy