Latest CVE Feed
-
10.0
HIGHCVE-2019-2258
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdr... Read more
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware +90 more products- EPSS Score: %0.25
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-2283
Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Mu... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +68 more products- EPSS Score: %0.31
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-2285
Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobi... Read more
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware sd_675_firmware +62 more products- EPSS Score: %0.33
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-2325
Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voic... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +78 more products- EPSS Score: %0.33
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-11996
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, a... Read more
Affected Products : nimbleos nimble_storage_af20_all_flash_array nimble_storage_af20q_all_flash_dual_controller nimble_storage_af40_all_flash_dual_controller nimble_storage_af60_all_flash_dual_controller nimble_storage_af80_all_flash_dual_controller nimble_storage_cs3000 nimble_storage_cs5000 nimble_storage_cs7000 nimble_storage_secondary_flash_arrays- EPSS Score: %0.44
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-17916
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, a... Read more
- EPSS Score: %9.84
- Published: Nov. 02, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-4656
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.... Read more
- EPSS Score: %0.74
- Published: Nov. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-4657
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.... Read more
- EPSS Score: %0.52
- Published: Nov. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-3367
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.... Read more
- EPSS Score: %0.51
- Published: Nov. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-15800
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firm... Read more
Affected Products : gs1900-8_firmware gs1900-24_firmware gs1900-8hp_firmware gs1900-10hp_firmware gs1900-16_firmware gs1900-24e_firmware gs1900-24hp_firmware gs1900-48_firmware gs1900-48hp_firmware gs1900-48 +8 more products- EPSS Score: %3.08
- Published: Nov. 14, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-7171
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.... Read more
Affected Products : slackware_linux- EPSS Score: %4.07
- Published: Nov. 21, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-2289
Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Vo... Read more
Affected Products : sdx55_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware qcs605_firmware sdx24_firmware apq8009_firmware +100 more products- EPSS Score: %0.05
- Published: Nov. 21, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-15958
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The ... Read more
- EPSS Score: %2.48
- Published: Nov. 26, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-12489
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.... Read more
- EPSS Score: %11.49
- Published: Nov. 26, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.... Read more
- EPSS Score: %94.23
- Published: Nov. 27, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-12503
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware... Read more
- EPSS Score: %0.34
- Published: Dec. 02, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-17556
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attac... Read more
Affected Products : olingo- EPSS Score: %0.78
- Published: Dec. 04, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It c... Read more
- EPSS Score: %5.93
- Published: Dec. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-4521
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.... Read more
Affected Products : cloud_pak_system- EPSS Score: %1.04
- Published: Dec. 10, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-17270
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the c... Read more
Affected Products : yachtcontrol- EPSS Score: %93.13
- Published: Dec. 10, 2019
- Modified: Nov. 21, 2024