Latest CVE Feed
-
9.8
CRITICALCVE-2019-10769
safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.... Read more
Affected Products : safer-eval- Published: Dec. 06, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.... Read more
- Published: Aug. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10766
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.... Read more
Affected Products : pixie- Published: Nov. 19, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.... Read more
Affected Products : sequelize- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.... Read more
Affected Products : set-value- Published: Aug. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequ... Read more
Affected Products : ubuntu_linux fedora debian_linux leap active_iq_unified_manager cloud_backup hci_management_node solidfire oncommand_insight oncommand_workflow_automation +13 more products- Published: Apr. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.... Read more
Affected Products : sequelize- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10709
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.... Read more
Affected Products : precision_touchpad- Published: Sep. 04, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10750
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload.... Read more
Affected Products : deeply- Published: Aug. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.... Read more
Affected Products : kbpublisher- Published: Aug. 21, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-24489
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.... Read more
Affected Products : sharefile_storage_zones_controller- Actively Exploited
- Published: Jul. 10, 2023
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2019-10844
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.... Read more
Affected Products : neural_network_libraries- Published: Apr. 04, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10641
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.... Read more
- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10664
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.... Read more
Affected Products : domoticz- Published: Mar. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10614
Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivi... Read more
Affected Products : sa6155p_firmware sdx55_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware sdx24_firmware +80 more products- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10565
Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S... Read more
Affected Products : qcs605_firmware sdx24_firmware msm8909w_firmware qcs405_firmware qcn7605_firmware mdm9206_firmware mdm9607_firmware sdm845_firmware apq8053_firmware sxr1130_firmware +16 more products- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.... Read more
Affected Products : 750-352_firmware 750-831_firmware 750-852_firmware 750-880_firmware 750-881_firmware 750-889_firmware 750-829_firmware 750-882_firmware 750-885_firmware 750-849_firmware +22 more products- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10559
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna... Read more
Affected Products : sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware apq8009_firmware msm8909w_firmware sdx20_firmware +64 more products- Published: Dec. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10572
Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum... Read more
Affected Products : sa6155p_firmware sdx55_firmware sdm660_firmware sm8150_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware sdx24_firmware apq8009_firmware mdm9650_firmware +76 more products- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10505
Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Sn... Read more
Affected Products : qca6574au_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qca6174a_firmware qca9377_firmware +78 more products- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024