Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10995 1 Abb 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more 2020-01-24 5.8 MEDIUM 8.8 HIGH
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
CVE-2015-2326 2 Opensuse, Pcre 2 Opensuse, Pcre 2020-01-24 4.3 MEDIUM 5.5 MEDIUM
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CVE-2019-10606 1 Qualcomm 16 Mdm9607, Mdm9607 Firmware, Msm8909w and 13 more 2020-01-24 7.2 HIGH 7.8 HIGH
Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24
CVE-2015-0558 1 Adbglobal 2 P.dga4001n, P.dga4001n Firmware 2020-01-24 5.0 MEDIUM 5.3 MEDIUM
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
CVE-2015-8367 1 Libraw 1 Libraw 2020-01-24 7.5 HIGH 9.8 CRITICAL
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
CVE-2019-14023 1 Qualcomm 20 Mdm9607, Mdm9607 Firmware, Nicobar and 17 more 2020-01-24 7.2 HIGH 7.8 HIGH
String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
CVE-2019-14024 1 Qualcomm 34 Msm8917, Msm8917 Firmware, Msm8953 and 31 more 2020-01-24 7.2 HIGH 7.8 HIGH
Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130
CVE-2019-14036 1 Qualcomm 20 Apq8064, Apq8064 Firmware, Apq8096au and 17 more 2020-01-24 7.2 HIGH 7.8 HIGH
Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605
CVE-2020-6306 1 Sap 1 Leasing 2020-01-24 4.0 MEDIUM 2.7 LOW
Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).
CVE-2020-6304 1 Sap 5 Netweaver Internet Communication Manager \(kernel\), Netweaver Internet Communication Manager \(krnl32nuc\), Netweaver Internet Communication Manager \(krnl32uc\) and 2 more 2020-01-24 5.0 MEDIUM 7.5 HIGH
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.
CVE-2020-6303 1 Sap 1 Disclosure Management 2020-01-24 3.5 LOW 5.4 MEDIUM
SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.
CVE-2019-10083 1 Apache 1 Nifi 2020-01-24 5.0 MEDIUM 5.3 MEDIUM
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.
CVE-2019-12421 1 Apache 1 Nifi 2020-01-24 6.5 MEDIUM 8.8 HIGH
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.
CVE-2020-7211 3 Libslirp Project, Microsoft, Qemu 3 Libslirp, Windows, Qemu 2020-01-23 5.0 MEDIUM 7.5 HIGH
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
CVE-2019-19834 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-23 6.5 MEDIUM 7.2 HIGH
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVE-2019-19836 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-23 7.5 HIGH 9.8 CRITICAL
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
CVE-2020-7234 1 Ruckuswireless 2 R310, R310 Firmware 2020-01-23 3.5 LOW 4.8 MEDIUM
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).
CVE-2011-2668 1 Mozilla 1 Firefox 2020-01-23 6.8 MEDIUM 8.8 HIGH
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header
CVE-2011-2669 1 Mozilla 1 Firefox 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
CVE-2020-7236 1 Uhp 2 Uhp-100, Uhp-100 Firmware 2020-01-23 4.3 MEDIUM 6.1 MEDIUM
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section).
CVE-2020-7235 1 Uhp 2 Uhp-100, Uhp-100 Firmware 2020-01-23 4.3 MEDIUM 6.1 MEDIUM
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title).
CVE-2019-19838 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19839 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2020-7058 1 Cacti 1 Cacti 2020-01-23 6.5 MEDIUM 8.8 HIGH
** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm."
CVE-2011-4094 1 Jara Project 1 Jara 2020-01-23 7.5 HIGH 9.8 CRITICAL
Jara 1.6 has a SQL injection vulnerability.
CVE-2019-20394 1 Cesnet 1 Libyang 2020-01-23 6.8 MEDIUM 8.8 HIGH
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20393 1 Cesnet 1 Libyang 2020-01-23 6.8 MEDIUM 8.8 HIGH
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20392 1 Cesnet 1 Libyang 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20397 1 Cesnet 1 Libyang 2020-01-23 6.8 MEDIUM 8.8 HIGH
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20391 1 Cesnet 1 Libyang 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-18273 1 Osisoft 1 Pi Vision 2020-01-23 3.5 LOW 4.8 MEDIUM
OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced.
CVE-2019-20398 1 Cesnet 1 Libyang 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-18271 1 Osisoft 1 Pi Vision 2020-01-23 6.8 MEDIUM 8.8 HIGH
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site.
CVE-2009-5068 1 Simplemachines 1 Simple Machines Forum 2020-01-23 3.5 LOW 7.2 HIGH
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
CVE-2019-10532 1 Qualcomm 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-10548 1 Qualcomm 68 Apq8009, Apq8009 Firmware, Apq8053 and 65 more 2020-01-23 7.2 HIGH 7.8 HIGH
While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130
CVE-2019-10558 1 Qualcomm 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more 2020-01-23 7.2 HIGH 7.8 HIGH
While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-10561 1 Qualcomm 56 Apq8009, Apq8009 Firmware, Apq8017 and 53 more 2020-01-23 5.0 MEDIUM 5.5 MEDIUM
Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660
CVE-2019-10578 1 Qualcomm 90 Apq8009, Apq8009 Firmware, Apq8017 and 87 more 2020-01-23 7.8 HIGH 7.5 HIGH
Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-10579 1 Qualcomm 94 Apq8009, Apq8009 Firmware, Apq8017 and 91 more 2020-01-23 9.4 HIGH 9.1 CRITICAL
Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVE-2011-2714 1 Drupal 2 Data, Drupal 2020-01-23 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
CVE-2019-10581 1 Qualcomm 56 Apq8009, Apq8009 Firmware, Apq8053 and 53 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
CVE-2019-10611 1 Qualcomm 80 Apq8009, Apq8009 Firmware, Apq8017 and 77 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-14008 1 Qualcomm 16 Mdm9150, Mdm9150 Firmware, Mdm9607 and 13 more 2020-01-23 7.8 HIGH 7.5 HIGH
Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130
CVE-2019-14013 1 Qualcomm 94 Apq8009, Apq8009 Firmware, Apq8017 and 91 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-14014 1 Qualcomm 16 Nicobar, Nicobar Firmware, Sdm670 and 13 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130
CVE-2011-4095 1 Jara Project 1 Jara 2020-01-23 4.3 MEDIUM 6.1 MEDIUM
Jara 1.6 has an XSS vulnerability
CVE-2017-2371 1 Apple 1 Iphone Os 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
CVE-2017-5592 1 Profanity Project 1 Profanity 2020-01-23 4.3 MEDIUM 5.9 MEDIUM
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).
CVE-2017-5630 1 Php 1 Pear 2020-01-23 5.0 MEDIUM 7.5 HIGH
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.