Latest CVE Feed
- 9.8 CRITICAL CVE-2019-10614
Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivi...
Affected Products: sa6155p_firmware sdx55_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware sdx24_firmware +80 more products
- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10565
Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S...
Affected Products: qcs605_firmware sdx24_firmware msm8909w_firmware qcs405_firmware qcn7605_firmware mdm9206_firmware mdm9607_firmware sdm845_firmware apq8053_firmware sxr1130_firmware +16 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access....
Affected Products: 750-352_firmware 750-831_firmware 750-852_firmware 750-880_firmware 750-881_firmware 750-889_firmware 750-829_firmware 750-882_firmware 750-885_firmware 750-849_firmware +22 more products
- Published: May. 07, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10559
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna...
Affected Products: sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware apq8009_firmware msm8909w_firmware sdx20_firmware +64 more products
- Published: Dec. 12, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10572
Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...
Affected Products: sa6155p_firmware sdx55_firmware sdm660_firmware sm8150_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware sdx24_firmware apq8009_firmware mdm9650_firmware +76 more products
- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10505
Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Sn...
Affected Products: qca6574au_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qca6174a_firmware qca9377_firmware +78 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10276
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type....
Affected Products: razor
- Published: Mar. 29, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10256
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found....
Affected Products: camera
- Published: Sep. 10, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files....
- Published: Oct. 02, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10211
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory....
- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU r...
- Published: Mar. 19, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10121
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic lo...
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10173
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling X...
Affected Products: retail_xstore_point_of_service webcenter_portal xstream banking_platform communications_diameter_signaling_router communications_unified_inventory_management utilities_framework endeca_information_discovery_studio communications_billing_and_revenue_management_elastic_charging_engine business_activity_monitoring +2 more products
- Published: Jul. 23, 2019
- Modified: May. 14, 2025
- 9.8 CRITICAL CVE-2019-10123
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the datab...
- Published: May. 31, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10061
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands....
- Published: Mar. 26, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the i...
Affected Products: kentico
- Actively Exploited
- Published: Mar. 26, 2019
- Modified: Mar. 14, 2025
- 9.8 CRITICAL CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly....
Affected Products: godot
- Published: May. 31, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-1010308
Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector i...
Affected Products: aquarius_cms
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-1010295
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later....
Affected Products: op-tee
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-1010292
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0....
Affected Products: op-tee
- Published: Jul. 16, 2019
- Modified: Nov. 21, 2024