Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10498 | 1 Qualcomm | 88 Mdm9150, Mdm9150 Firmware, Mdm9206 and 85 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2019-10497 | 1 Qualcomm | 86 Mdm9150, Mdm9150 Firmware, Mdm9206 and 83 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2019-10489 | 1 Qualcomm | 84 Mdm9206, Mdm9206 Firmware, Mdm9607 and 81 more | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | |||||
| CVE-2019-9386 | 1 Google | 1 Android | 2019-10-02 | 6.9 MEDIUM | 7.3 HIGH |
| In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122361874 | |||||
| CVE-2017-18636 | 1 Esafenet | 1 Cdg | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. | |||||
| CVE-2019-9250 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120276962 | |||||
| CVE-2019-9358 | 1 Google | 1 Android | 2019-10-02 | 4.4 MEDIUM | 7.3 HIGH |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120156401 | |||||
| CVE-2019-9309 | 1 Google | 1 Android | 2019-10-02 | 4.4 MEDIUM | 7.3 HIGH |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117985575 | |||||
| CVE-2017-8928 | 1 Mailcow | 1 Mailcow\ | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | |||||
| CVE-2019-16743 | 1 Ebrigade | 1 Ebrigade | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | |||||
| CVE-2019-9281 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-32748076 | |||||
| CVE-2019-10510 | 1 Qualcomm | 24 Qcs405, Qcs405 Firmware, Qcs605 and 21 more | 2019-10-02 | 8.5 HIGH | 8.2 HIGH |
| BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660 | |||||
| CVE-2019-10508 | 1 Qualcomm | 52 Mdm9150, Mdm9150 Firmware, Mdm9206 and 49 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20 | |||||
| CVE-2019-15862 | 1 Cksource | 1 Ckfinder | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | |||||
| CVE-2019-10507 | 1 Qualcomm | 70 Mdm9150, Mdm9150 Firmware, Mdm9206 and 67 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2019-10506 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24 | |||||
| CVE-2019-9405 | 1 Google | 1 Android | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890225 | |||||
| CVE-2019-9285 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215315 | |||||
| CVE-2019-9284 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111850706 | |||||
| CVE-2019-9265 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37994606 | |||||
| CVE-2019-6831 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2019-10-02 | 5.0 MEDIUM | 8.6 HIGH |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. | |||||
| CVE-2019-6810 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. | |||||
| CVE-2019-9258 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028 | |||||
| CVE-2019-9260 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113495295 | |||||
| CVE-2019-10499 | 1 Qualcomm | 16 Ipq4019, Ipq4019 Firmware, Ipq8064 and 13 more | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855 | |||||
| CVE-2018-9425 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967 | |||||
| CVE-2019-1914 | 1 Cisco | 22 Sf-220-24, Sf-220-24 Firmware, Sf220-24p and 19 more | 2019-10-01 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user. | |||||
| CVE-2019-9234 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453 | |||||
| CVE-2019-9332 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-78286500 | |||||
| CVE-2019-9326 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215173 | |||||
| CVE-2018-19592 | 1 Corsair | 19 Axi, Commander Mini, Commander Pro and 16 more | 2019-10-01 | 7.2 HIGH | 7.8 HIGH |
| The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. | |||||
| CVE-2019-2141 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705155 | |||||
| CVE-2019-13106 | 1 Denx | 1 U-boot | 2019-10-01 | 8.3 HIGH | 7.8 HIGH |
| Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||||
| CVE-2019-9279 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382 | |||||
| CVE-2019-9241 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121036603 | |||||
| CVE-2019-9328 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111895000 | |||||
| CVE-2019-9311 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031 | |||||
| CVE-2019-9330 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214739 | |||||
| CVE-2019-6161 | 1 Lenovo | 2 Cp Storage Block, Cp Storage Block Firmware | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. | |||||
| CVE-2019-9286 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111213909 | |||||
| CVE-2019-2087 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118149009 | |||||
| CVE-2019-2086 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114735603 | |||||
| CVE-2019-2085 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117496180 | |||||
| CVE-2019-2084 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117494734 | |||||
| CVE-2019-2083 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495362 | |||||
| CVE-2019-2080 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118619159 | |||||
| CVE-2019-2078 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114749542 | |||||
| CVE-2019-2077 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114745929 | |||||
| CVE-2019-2075 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115908308 | |||||
| CVE-2019-2076 | 1 Google | 1 Android | 2019-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115907334 | |||||