Skip to main content
CVE-2019-17051 HIGH POC This Week

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Evernote
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-16760 HIGH POC PATCH This Week

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rust
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-17049 HIGH POC This Week

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear SQLi Srx5308 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-16995 HIGH POC PATCH This Week

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Leap Aff A700S Firmware +14
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-17046 HIGH POC This Week

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Ilch Cms
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2019-16997 HIGH POC THREAT This Week

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.1
7.2
EPSS
49.4%
CVE-2019-16996 HIGH POC THREAT This Week

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.1
7.2
EPSS
12.4%
CVE-2019-16745 HIGH This Week

eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Ebrigade
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16744 HIGH This Week

eBrigade before 5.0 has evenements.php cid SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Ebrigade
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16743 HIGH This Week

eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Ebrigade
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16993 HIGH PATCH This Week

In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF Phpbb Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-10510 HIGH PATCH This Week

BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Qualcomm Qcs405 Firmware Qcs605 Firmware +10
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2019-2341 HIGH PATCH This Week

Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2333 HIGH PATCH This Week

Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9650 Firmware +35
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10508 HIGH PATCH This Week

Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10507 HIGH PATCH This Week

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10506 HIGH PATCH This Week

While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9206 Firmware Mdm9607 Firmware Msm8996au Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10501 HIGH PATCH This Week

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10499 HIGH PATCH This Week

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10498 HIGH This Week

Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10497 HIGH PATCH This Week

Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9150 Firmware +42
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10492 HIGH PATCH This Week

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 /. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9607 Firmware Msm8909W Firmware Qualcomm 215 Firmware +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2019-3732 HIGH This Week

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Crypto C Micro Edition Bsafe Micro Edition Suite Rsa Bsafe Crypto C
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3731 HIGH This Week

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Crypto C Micro Edition Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3730 HIGH This Week

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-3728 HIGH This Week

RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Bsafe Crypto C Bsafe Crypto C Micro Edition Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-13124 HIGH PATCH This Week

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Foxit Reader
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-13123 HIGH PATCH This Week

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Foxit Reader
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16276 HIGH PATCH This Week

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Go Debian Linux Leap +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2019-13466 HIGH PATCH This Week

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Ssd Dashboard
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-10489 HIGH This Week

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9206 Firmware Mdm9607 Firmware +40
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-16992 HIGH This Week

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Apple Information Disclosure Keybase
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-17050 HIGH This Week

An issue was discovered in the Voyager package through 1.2.7 for Laravel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Voyager
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-2284 HIGH PATCH This Week

Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Qcs405 Firmware +19
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy