Skip to main content
CVE-2019-16932 CRITICAL POC THREAT Act Now

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Visualizer
NVD
CVSS 3.1
10.0
EPSS
39.1%
CVE-2019-16999 CRITICAL POC Act Now

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cloudboot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16676 CRITICAL POC PATCH Act Now

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Simple Form
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-2294 CRITICAL PATCH Act Now

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9205 Firmware Mdm9206 Firmware Mdm9607 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2252 CRITICAL PATCH Act Now

Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9650 Firmware Msm8909W Firmware Msm8996au Firmware +33
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-10540 CRITICAL Act Now

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq8074 Firmware Msm8996au Firmware Qca6174a Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10539 CRITICAL Act Now

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq8074 Firmware Mdm9206 Firmware Mdm9607 Firmware +46
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10538 CRITICAL PATCH Act Now

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware Qcs405 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10509 CRITICAL PATCH Act Now

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Msm8909W Firmware +31
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-17040 CRITICAL PATCH Act Now

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rsyslog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy