Latest CVE Feed
-
10.0
HIGH CVE-2019-17212
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is pars...
- Published: Nov. 05, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2006-4243
Linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2016-4401
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
Affected Products : clearpass
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2249
Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking i...
Affected Products : ipq8074_firmware qca8081_firmware sd_8cx_firmware sdm660_firmware sd_450_firmware sd_625_firmware sd_835_firmware qcs605_firmware sd_675_firmware mdm9650_firmware +44 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2258
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdr...
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware +90 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2283
Improper validation of read and write index of tx and rx FIFOs before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Mu...
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +68 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2285
Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobi...
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware sd_675_firmware +62 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2325
Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voic...
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +78 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-11996
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, a...
Affected Products : nimbleos nimble_storage_af20_all_flash_array nimble_storage_af20q_all_flash_dual_controller nimble_storage_af40_all_flash_dual_controller nimble_storage_af60_all_flash_dual_controller nimble_storage_af80_all_flash_dual_controller nimble_storage_cs3000 nimble_storage_cs5000 nimble_storage_cs7000 nimble_storage_secondary_flash_arrays
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2013-4657
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.
- Published: Nov. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2013-3367
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
- Published: Nov. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-15800
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firm...
Affected Products : gs1900-8_firmware gs1900-24_firmware gs1900-8hp_firmware gs1900-10hp_firmware gs1900-16_firmware gs1900-24e_firmware gs1900-24hp_firmware gs1900-48_firmware gs1900-48hp_firmware gs1900-48 +8 more products
- Published: Nov. 14, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-12489
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
- Published: Nov. 26, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-12503
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware...
- Published: Dec. 02, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-17556
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attac...
Affected Products : olingo
- Published: Dec. 04, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It c...
- Published: Dec. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-4521
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
Affected Products : cloud_pak_system
- Published: Dec. 10, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-17270
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the c...
Affected Products : yachtcontrol
- Published: Dec. 10, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-16734
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
- Published: Dec. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-16735
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
- Published: Dec. 13, 2019
- Modified: Nov. 21, 2024