Skip to main content
CVE-2019-9885 CRITICAL POC Act Now

eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eclass Ip
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-9884 CRITICAL POC Act Now

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eclass Ip
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-1010176 CRITICAL POC Act Now

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Jerryscript
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-14266 HIGH POC This Week

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensns
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-1010127 HIGH POC This Week

VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure RCE Memory Corruption Use After Free +1
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2019-14270 HIGH POC This Week

Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus Firewall Internet Security
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2019-11921 CRITICAL PATCH Act Now

An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Proxygen
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-13917 CRITICAL PATCH Act Now

{sort } expansion for items that can be controlled by an attacker (e.g.,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exim Debian Linux
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2019-2327 CRITICAL Act Now

Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2322 CRITICAL Act Now

Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2309 CRITICAL PATCH Act Now

While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Mdm9150 Firmware Mdm9206 Firmware +22
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-2307 CRITICAL PATCH Act Now

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-2305 CRITICAL PATCH Act Now

Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +34
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-2276 CRITICAL PATCH Act Now

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9607 Firmware Msm8996au Firmware +20
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2254 CRITICAL Act Now

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +48
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-2253 CRITICAL Act Now

Buffer over-read can occur while parsing an ogg file with a corrupted comment block. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +41
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-1010174 CRITICAL PATCH Act Now

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Cimg Library Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-1010161 CRITICAL Act Now

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Perl Crypt Jwt
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-2316 HIGH PATCH This Week

When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Mdm9640 Firmware +20
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2019-4212 HIGH This Week

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-11922 HIGH PATCH This Week

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Zstandard
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2019-2346 HIGH This Week

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Ipq8074 Firmware Qca8081 Firmware Qcs404 Firmware +21
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2328 HIGH PATCH This Week

Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +42
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2326 HIGH PATCH This Week

Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +38
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2312 HIGH PATCH This Week

When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Mdm9607 Firmware Mdm9640 Firmware Msm8996au Firmware +32
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2308 HIGH PATCH This Week

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9607 Firmware Mdm9650 Firmware +32
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2306 HIGH PATCH This Week

Improper casting of structure while handling the buffer leads to out of bound read in display in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +38
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2301 HIGH PATCH This Week

Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware +22
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2299 HIGH PATCH This Week

An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Ipq4019 Firmware Ipq8064 Firmware +38
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2298 HIGH This Week

Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Information Disclosure Memory Corruption Mdm9150 Firmware +28
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2293 HIGH PATCH This Week

Pointer dereference while freeing IFE resources due to lack of length check of in port resource. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Msm8909W Firmware +20
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2290 HIGH PATCH This Week

Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Mdm9206 Firmware +27
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2281 HIGH This Week

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Qcs405 Firmware Qcs605 Firmware Sd 636 Firmware +17
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2278 HIGH PATCH This Week

User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Jwt Attack Qualcomm Mdm9607 Firmware Mdm9640 Firmware +13
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2272 HIGH PATCH This Week

Buffer overflow can occur in display function due to lack of validation of header block size set by user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +25
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2263 HIGH PATCH This Week

Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Ipq4019 Firmware +32
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2238 HIGH This Week

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Mdm9206 Firmware Mdm9607 Firmware +15
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2235 HIGH This Week

Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +32
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-4415 HIGH This Week

IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10184 HIGH PATCH This Week

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Undertow Jboss Data Grid Jboss Enterprise Application Platform Openshift Application Runtimes +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-2334 HIGH This Week

Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +42
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-2273 HIGH This Week

IOMMU page fault while playing h265 video file leads to denial of service issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qualcomm Information Disclosure Msm8909W Firmware +29
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2019-1010172 HIGH This Week

Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jsish
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-14262 HIGH PATCH This Week

MetadataExtractor 2.1.0 allows stack consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Metadataextractor
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-13483 HIGH PATCH This Week

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Passport Sharepoint
NVD
CVSS 3.0
7.3
EPSS
0.6%
CVE-2019-2345 HIGH PATCH This Week

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware +20
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-2314 HIGH PATCH This Week

Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Qcs405 Firmware +22
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-14268 MEDIUM This Month

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1010182 MEDIUM PATCH This Month

yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Yaml Rust
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1010183 MEDIUM This Month

serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Serde Yaml
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy