Weekly Vulnerabilities Reports > November 11 to 17, 2019
Overview
559 new vulnerabilities were reported during this period, including 55 critical vulnerabilities and 254 high severity vulnerabilities. This weekly summary reports vulnerabilities in 2122 products from 184 vendors including Microsoft, Intel, Debian, Samsung, and Google. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Improper Input Validation", "Information Exposure", and "Externally Controlled Reference to a Resource in Another Sphere".
- 252 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 89 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 230 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 72 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
55 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-14 | CVE-2019-14678 | SAS | XXE vulnerability in SAS Base SAS and XML Mapper SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. | 10.0 |
2019-11-12 | CVE-2019-1384 | Microsoft | Insufficiently Protected Credentials vulnerability in Microsoft products A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 9.9 |
2019-11-17 | CVE-2019-19012 | Oniguruma Project Debian Fedoraproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. | 9.8 |
2019-11-16 | CVE-2019-19010 | Limnoria Project Fedoraproject | Code Injection vulnerability in multiple products Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | 9.8 |
2019-11-15 | CVE-2019-13582 | Marvell | Out-of-bounds Write vulnerability in Marvell 88W8688 Firmware An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. | 9.8 |
2019-11-15 | CVE-2019-13581 | Marvell | Out-of-bounds Write vulnerability in Marvell 88W8688 Firmware An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. | 9.8 |
2019-11-15 | CVE-2011-0703 | Gksu Polkit Project Debian | Improper Input Validation vulnerability in multiple products In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | 9.8 |
2019-11-15 | CVE-2013-7088 | Clamav Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products ClamAV before 0.97.7 has buffer overflow in the libclamav component | 9.8 |
2019-11-15 | CVE-2013-7087 | Clamav Debian Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ClamAV before 0.97.7 has WWPack corrupt heap memory | 9.8 |
2019-11-15 | CVE-2019-14345 | Vocabularyserver | Unspecified vulnerability in Vocabularyserver Tematres 3.0 TemaTres 3.0 allows remote unprivileged users to create an administrator account | 9.8 |
2019-11-15 | CVE-2019-18985 | Pimcore | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | 9.8 |
2019-11-15 | CVE-2019-18981 | Pimcore | Inappropriate Encoding for Output Context vulnerability in Pimcore Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | 9.8 |
2019-11-15 | CVE-2019-18928 | Cyrus Fedoraproject Debian | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 9.8 |
2019-11-14 | CVE-2019-15800 | Zyxel | OS Command Injection vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.8 |
2019-11-14 | CVE-2013-4108 | Cryptocat Project | Unspecified vulnerability in Cryptocat Project Cryptocat 2.0.18 Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. | 9.8 |
2019-11-14 | CVE-2019-18939 | EQ 3 HM Print Project | Missing Authentication for Critical Function vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. | 9.8 |
2019-11-14 | CVE-2019-18938 | EQ 3 HM Email Project | Missing Authentication for Critical Function vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. | 9.8 |
2019-11-14 | CVE-2019-18937 | EQ 3 Scriptparser Project | Missing Authentication for Critical Function vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | 9.8 |
2019-11-14 | CVE-2013-3072 | Netgear | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | 9.8 |
2019-11-14 | CVE-2013-3073 | Netgear | Path Traversal vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 9.8 |
2019-11-14 | CVE-2019-11171 | Intel | Out-of-bounds Write vulnerability in Intel Baseboard Management Controller Firmware 2.09 Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | 9.8 |
2019-11-14 | CVE-2019-8248 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator CC Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. | 9.8 |
2019-11-14 | CVE-2019-8247 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator CC Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. | 9.8 |
2019-11-14 | CVE-2019-8246 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. | 9.8 |
2019-11-14 | CVE-2011-1930 | Klibc Project Debian | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. | 9.8 |
2019-11-13 | CVE-2019-5029 | Exhibitor Project | OS Command Injection vulnerability in Exhibitor Project Exhibitor An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. | 9.8 |
2019-11-13 | CVE-2019-18952 | Sibsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Sibsoft Xfilesharing 2.5.1 SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. | 9.8 |
2019-11-13 | CVE-2019-18240 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2019-11-13 | CVE-2013-3367 | Trendnet | Improper Authentication vulnerability in Trendnet Tew-691Gr Firmware and Tew-692Gr Firmware Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | 9.8 |
2019-11-13 | CVE-2010-4533 | Debian Offlineimap | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | 9.8 |
2019-11-13 | CVE-2019-2205 | Google | Use After Free vulnerability in Google Android In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. | 9.8 |
2019-11-13 | CVE-2019-2204 | Google | Out-of-bounds Read vulnerability in Google Android 9.0 In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. | 9.8 |
2019-11-13 | CVE-2019-2036 | Google | Unspecified vulnerability in Google Android In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. | 9.8 |
2019-11-13 | CVE-2013-4657 | Netgear | Path Traversal vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 9.8 |
2019-11-13 | CVE-2019-16948 | Enghouse | Server-Side Request Forgery (SSRF) vulnerability in Enghouse web Chat 6.1.300.31 An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. | 9.8 |
2019-11-13 | CVE-2013-4654 | TP Link | Path Traversal vulnerability in Tp-Link Tl-1043Nd Firmware and Tl-Wdr4300 Firmware Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. | 9.8 |
2019-11-13 | CVE-2013-4656 | Asus | Path Traversal vulnerability in Asus Rt-Ac66U Firmware and Rt-N56U Firmware Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | 9.8 |
2019-11-12 | CVE-2019-6188 | Lenovo | Unspecified vulnerability in Lenovo products The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | 9.8 |
2019-11-12 | CVE-2010-3438 | Libpoe Component IRC Perl Project Debian Fedoraproject | Use of Externally-Controlled Format String vulnerability in multiple products libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. | 9.8 |
2019-11-12 | CVE-2019-1449 | Microsoft | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | 9.8 |
2019-11-12 | CVE-2019-1373 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | 9.8 |
2019-11-12 | CVE-2019-12719 | AUO | Unrestricted Upload of File with Dangerous Type vulnerability in AUO Sunveillance Monitoring System & Data Recorder An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. | 9.8 |
2019-11-12 | CVE-2019-18925 | Systematic | Missing Authentication for Critical Function vulnerability in Systematic Iris Webforms 5.4 Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. | 9.8 |
2019-11-12 | CVE-2019-18655 | Upredsun | Out-of-bounds Write vulnerability in Upredsun File Sharing Wizard 1.5.0 File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. | 9.8 |
2019-11-12 | CVE-2019-18658 | Helm | Link Following vulnerability in Helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. | 9.8 |
2019-11-12 | CVE-2011-2936 | Elgg | SQL Injection vulnerability in Elgg Elgg through 1.7.10 has a SQL injection vulnerability | 9.8 |
2019-11-12 | CVE-2011-2897 | Gnome Redhat Debian | Improper Input Validation vulnerability in multiple products gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | 9.8 |
2019-11-11 | CVE-2019-18852 | Dlink | Cleartext Transmission of Sensitive Information vulnerability in Dlink products Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. | 9.8 |
2019-11-12 | CVE-2019-17330 | Tibco | Cross-site Scripting vulnerability in Tibco EBX The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. | 9.6 |
2019-11-14 | CVE-2019-15803 | Zyxel | Improper Authentication vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.1 |
2019-11-14 | CVE-2019-11168 | Intel | Unspecified vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | 9.1 |
2019-11-12 | CVE-2019-0721 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.1 |
2019-11-12 | CVE-2019-0719 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.1 |
2019-11-13 | CVE-2019-18839 | Fudforum | OS Command Injection vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. | 9.0 |
2019-11-12 | CVE-2019-18873 | Fudforum | OS Command Injection vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. | 9.0 |
254 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-15 | CVE-2019-14869 | Artifex Fedoraproject Opensuse | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 8.8 |
2019-11-14 | CVE-2019-15799 | Zyxel | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 8.8 |
2019-11-14 | CVE-2019-0140 | Intel | Classic Buffer Overflow vulnerability in Intel products Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. | 8.8 |
2019-11-14 | CVE-2019-11152 | Intel | Out-of-bounds Write vulnerability in Intel products Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. | 8.8 |
2019-11-14 | CVE-2019-3661 | Mcafee | SQL Injection vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | 8.8 |
2019-11-13 | CVE-2019-3660 | Mcafee | Unspecified vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | 8.8 |
2019-11-13 | CVE-2019-3651 | Mcafee | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | 8.8 |
2019-11-13 | CVE-2019-0389 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. | 8.8 |
2019-11-13 | CVE-2013-3366 | Trendnet | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-812Dru Firmware Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | 8.8 |
2019-11-13 | CVE-2010-4664 | Consolekit Project Debian Redhat | Improper Privilege Management vulnerability in multiple products In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. | 8.8 |
2019-11-13 | CVE-2014-1214 | Projoom | Unrestricted Upload of File with Dangerous Type vulnerability in Projoom Smart Flash Header 3.0.2 views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | 8.8 |
2019-11-13 | CVE-2019-18884 | Fairsketch | Cross-Site Request Forgery (CSRF) vulnerability in Fairsketch Rise - Ultimate Project Manager 2.3 index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | 8.8 |
2019-11-13 | CVE-2019-2206 | Google | Out-of-bounds Write vulnerability in Google Android In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. | 8.8 |
2019-11-13 | CVE-2019-18279 | Phoenix | Unspecified vulnerability in Phoenix Securecore Technology 1.1.12.0/1.5.74.0 In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. | 8.8 |
2019-11-13 | CVE-2019-18931 | Western Digital | Classic Buffer Overflow vulnerability in Western Digital MY Cloud EX2 Ultra Firmware 2.31.195 Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. | 8.8 |
2019-11-13 | CVE-2019-18930 | Western Digital | Out-of-bounds Write vulnerability in Western Digital MY Cloud EX2 Ultra Firmware 2.31.183 Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. | 8.8 |
2019-11-13 | CVE-2019-18929 | Western Digital | Out-of-bounds Write vulnerability in Western Digital MY Cloud EX2 Ultra Firmware 2.31.195 Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. | 8.8 |
2019-11-13 | CVE-2019-15948 | TI | Classic Buffer Overflow vulnerability in TI products Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. | 8.8 |
2019-11-13 | CVE-2019-5233 | Huawei | Improper Authentication vulnerability in Huawei Taurus-Al00B Firmware 10.0.0.41(Sp2C00E41R3P2) Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. | 8.8 |
2019-11-12 | CVE-2017-17224 | Huawei | NULL Pointer Dereference vulnerability in Huawei Hg655M Firmware Harryal00C9.1.0.206(C00E205R3P1) Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. | 8.8 |
2019-11-12 | CVE-2010-3844 | Ettercap Project Debian | Classic Buffer Overflow vulnerability in multiple products An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | 8.8 |
2019-11-12 | CVE-2010-3305 | Pixelpost | Cross-Site Request Forgery (CSRF) vulnerability in Pixelpost 1.7.3 Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | 8.8 |
2019-11-12 | CVE-2019-1456 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. | 8.8 |
2019-11-12 | CVE-2019-1441 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 7 and Windows Server 2008 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 8.8 |
2019-11-12 | CVE-2019-1419 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. | 8.8 |
2019-11-12 | CVE-2019-17237 | Getigniteup | Cross-Site Request Forgery (CSRF) vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | 8.8 |
2019-11-13 | CVE-2019-18837 | Crun Project Fedoraproject | Link Following vulnerability in multiple products An issue was discovered in crun before 0.10.5. | 8.6 |
2019-11-12 | CVE-2019-1398 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.4 |
2019-11-12 | CVE-2019-1397 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.4 |
2019-11-12 | CVE-2019-1389 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.4 |
2019-11-14 | CVE-2019-0142 | Intel | Unspecified vulnerability in Intel products Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 8.2 |
2019-11-14 | CVE-2019-11137 | Intel HPE | Improper Input Validation vulnerability in multiple products Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 8.2 |
2019-11-14 | CVE-2012-1168 | Moodle Fedoraproject Redhat | Improper Input Validation vulnerability in multiple products Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 8.2 |
2019-11-14 | CVE-2019-16110 | Blade Group | Unspecified vulnerability in Blade-Group Shadow 2.13.3 The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. | 8.1 |
2019-11-14 | CVE-2019-15389 | Haier A6 Project | Unspecified vulnerability in Haier A6 Project Haier A6 Firmware The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 8.1 |
2019-11-14 | CVE-2019-15388 | Coolpad | Code Injection vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 8.1 |
2019-11-14 | CVE-2019-15344 | Tecno Mobile | Unspecified vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 8.1 |
2019-11-14 | CVE-2019-11178 | Intel | Classic Buffer Overflow vulnerability in Intel Baseboard Management Controller Firmware 2.09 Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. | 8.1 |
2019-11-12 | CVE-2019-1424 | Microsoft | Unspecified vulnerability in Microsoft products A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. | 8.1 |
2019-11-15 | CVE-2019-18372 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2019-11-15 | CVE-2019-12759 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Manager and Mail Security Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2019-11-15 | CVE-2019-12757 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2019-11-15 | CVE-2018-18368 | Symantec | Improper Privilege Management vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2019-11-15 | CVE-2014-0023 | Redhat | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | 7.8 |
2019-11-14 | CVE-2019-11931 | | Out-of-bounds Write vulnerability in Whatsapp A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. | 7.8 |
2019-11-14 | CVE-2019-11111 | Intel Netapp | NULL Pointer Dereference vulnerability in multiple products Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0124 | Intel | Unspecified vulnerability in Intel products Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0123 | Intel | Unspecified vulnerability in Intel products Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-11112 | Intel Netapp | Out-of-bounds Write vulnerability in multiple products Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0155 | Redhat Intel Canonical | Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0145 | Intel Linux | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-15465 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 PRO Firmware The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15464 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 PRO Firmware The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15463 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 Prime Firmware The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15462 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 DUO Firmware The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15461 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15460 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15459 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15458 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15457 | Samsung | Unspecified vulnerability in Samsung Galaxy J6 Firmware The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15456 | Samsung | Unspecified vulnerability in Samsung Galaxy J6 Firmware The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15455 | Samsung | Unspecified vulnerability in Samsung Galaxy J5 Firmware The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15454 | Samsung | Unspecified vulnerability in Samsung Galaxy J4 Firmware The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15453 | Samsung | Unspecified vulnerability in Samsung Galaxy J4 Firmware The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15452 | Samsung | Unspecified vulnerability in Samsung Galaxy J3 Firmware The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15451 | Samsung | Unspecified vulnerability in Samsung Galaxy J3 Firmware The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15450 | Samsung | Unspecified vulnerability in Samsung Galaxy J3 POP Firmware The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15449 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Edge Firmware The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15448 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Edge Firmware The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15447 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Edge Firmware The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15446 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Firmware The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15445 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Firmware The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15444 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Firmware The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15443 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 MAX Firmware The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15442 | Samsung | Unspecified vulnerability in Samsung on 7 Firmware The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15441 | Samsung | Unspecified vulnerability in Samsung on 7 Firmware The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15440 | Samsung | Unspecified vulnerability in Samsung Galaxy J5 Firmware The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15439 | Samsung | Unspecified vulnerability in Samsung Galaxy Xcover4 Firmware The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15438 | Samsung | Unspecified vulnerability in Samsung Galaxy Xcover4 Firmware The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15437 | Samsung | Unspecified vulnerability in Samsung Galaxy Xcover4 Firmware The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15436 | Samsung | Unspecified vulnerability in Samsung Galaxy A8+ Firmware The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15435 | Samsung | Unspecified vulnerability in Samsung Galaxy A7 Firmware The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15434 | Samsung | Unspecified vulnerability in Samsung Galaxy A5 Firmware The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15433 | Samsung | Unspecified vulnerability in Samsung Galaxy A3 Firmware The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15432 | Evercoss | Unspecified vulnerability in Evercoss U6 Firmware The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15429 | Panasonic | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Panasonic Eluga I9 Firmware The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled AT command via a confused deputy attack. | 7.8 |
2019-11-14 | CVE-2019-15419 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus X105D Firmware The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.8 |
2019-11-14 | CVE-2019-15418 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Pegasus 4 MAX Firmware and Pegasus 4A Firmware The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.8 |
2019-11-14 | CVE-2019-15417 | Tecno | Unspecified vulnerability in Tecno Spark PRO Firmware The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. | 7.8 |
2019-11-14 | CVE-2019-15416 | Sony | Unspecified vulnerability in Sony Xperia XZS Firmware The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15414 | Asus | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15413 | Asus | Unspecified vulnerability in Asus Zenfone 3 Ultra Firmware The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15412 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15411 | Asus | Unspecified vulnerability in Asus Zenfone 3 Laser Firmware The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15410 | Asus | Unspecified vulnerability in Asus Zenfone 5Q Firmware The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15409 | Asus | Unspecified vulnerability in Asus Zenfone 5Q Firmware The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15408 | Asus | Unspecified vulnerability in Asus Zenfone 5 Lite Firmware The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15407 | Asus | Unspecified vulnerability in Asus Zenfone 4 MAX Firmware The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15406 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15405 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Pegasus 4 MAX Firmware and Pegasus 4A Firmware The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15404 | Asus | Unspecified vulnerability in Asus Zenfone 4 MAX Firmware The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15403 | Asus | Unspecified vulnerability in Asus Zenfone 3S MAX Firmware The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15402 | Asus | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15401 | Asus | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15400 | Asus | Unspecified vulnerability in Asus Zenfone 3 Ultra Firmware The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15399 | Asus | Unspecified vulnerability in Asus Zenfone 5Q Firmware The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15398 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15397 | Asus | Unspecified vulnerability in Asus Zenfone MAX 4 Firmware The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15396 | Asus | Unspecified vulnerability in Asus Zenfone 3 Firmware The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15395 | Asus | Unspecified vulnerability in Asus Zenfone 3S MAX Firmware The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
2019-11-14 | CVE-2019-15394 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Zenfone 5 Selfie Firmware The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 7.8 |
2019-11-14 | CVE-2019-15351 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Tecno/H622/Tecno-Id5B:8.1.0/O11019/G-180829V31:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15350 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Tecno/H622/Tecno-Id5B:8.1.0/O11019/G-180829V31:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15349 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15348 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15347 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Camon Iclick 2 Firmware The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15346 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Camon Iclick 2 Firmware The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15345 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 7.8 |
2019-11-14 | CVE-2019-15343 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 7.8 |
2019-11-14 | CVE-2019-15342 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Camon Iair 2+ Firmware The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-15341 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Camon Iair 2+ Firmware The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.8 |
2019-11-14 | CVE-2019-14602 | Intel | Incorrect Default Permissions vulnerability in Intel Nuvoton Consumer Infrared 1.02.1002 Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-14566 | Intel | Improper Input Validation vulnerability in Intel Software Guard Extensions SDK Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 7.8 |
2019-11-14 | CVE-2019-14565 | Intel | Improper Initialization vulnerability in Intel Software Guard Extensions SDK Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 7.8 |
2019-11-14 | CVE-2019-11181 | Intel | Out-of-bounds Read vulnerability in Intel Baseboard Management Controller Firmware 2.09 Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.8 |
2019-11-14 | CVE-2019-11170 | Intel | Improper Authentication vulnerability in Intel Baseboard Management Controller Firmware 2.09 Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | 7.8 |
2019-11-14 | CVE-2019-11156 | Intel | Unspecified vulnerability in Intel Proset/Wireless Wifi Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 7.8 |
2019-11-14 | CVE-2019-11153 | Intel | Out-of-bounds Write vulnerability in Intel Proset/Wireless Wifi Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. | 7.8 |
2019-11-14 | CVE-2019-11151 | Intel | Out-of-bounds Write vulnerability in Intel products Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 7.8 |
2019-11-14 | CVE-2019-7962 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Illustrator CC Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. | 7.8 |
2019-11-14 | CVE-2019-7960 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Animate CC Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. | 7.8 |
2019-11-14 | CVE-2019-18895 | Scanguard | Incorrect Permission Assignment for Critical Resource vulnerability in Scanguard Antivirus 20191112 Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | 7.8 |
2019-11-14 | CVE-2011-1588 | Xfce Opensuse Debian | Use of Externally-Controlled Format String vulnerability in multiple products Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | 7.8 |
2019-11-14 | CVE-2011-1145 | Unixodbc Debian Opensuse Redhat | Classic Buffer Overflow vulnerability in multiple products The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | 7.8 |
2019-11-14 | CVE-2011-1070 | V86D Project Debian | Incorrect Authorization vulnerability in multiple products v86d before 0.1.10 does not verify if received netlink messages are sent by the kernel. | 7.8 |
2019-11-14 | CVE-2019-3663 | Mcafee | Insufficiently Protected Credentials vulnerability in Mcafee Advanced Threat Defense Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. | 7.8 |
2019-11-13 | CVE-2010-4661 | Udisks Project Redhat Debian Opensuse Fedoraproject | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 7.8 |
2019-11-13 | CVE-2019-2210 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/9.0 In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
2019-11-13 | CVE-2010-4654 | Freedesktop Debian | Injection vulnerability in multiple products poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 7.8 |
2019-11-13 | CVE-2019-2214 | Google Canonical | Out-of-bounds Write vulnerability in multiple products In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2019-11-13 | CVE-2019-2207 | Google | Out-of-bounds Write vulnerability in Google Android In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. | 7.8 |
2019-11-13 | CVE-2019-2203 | Google | Out-of-bounds Write vulnerability in Google Android In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
2019-11-13 | CVE-2019-2202 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/9.0 In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
2019-11-13 | CVE-2019-2201 | Google Canonical | Out-of-bounds Write vulnerability in multiple products In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2019-11-13 | CVE-2019-2195 | Google | SQL Injection vulnerability in Google Android In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. | 7.8 |
2019-11-13 | CVE-2019-2193 | Google | Improper Privilege Management vulnerability in Google Android In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. | 7.8 |
2019-11-13 | CVE-2019-2192 | Google | Improper Input Validation vulnerability in Google Android 10.0/9.0 In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. | 7.8 |
2019-11-13 | CVE-2019-5288 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei P30 Firmware P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. | 7.8 |
2019-11-13 | CVE-2019-5287 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei P30 Firmware P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. | 7.8 |
2019-11-13 | CVE-2019-5282 | Huawei | Double Free vulnerability in Huawei products Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. | 7.8 |
2019-11-13 | CVE-2019-18397 | GNU Debian | Classic Buffer Overflow vulnerability in multiple products A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. | 7.8 |
2019-11-12 | CVE-2019-5228 | Huawei | Out-of-bounds Write vulnerability in Huawei P30 Firmware Certain detection module of P30, P30 Pro, Honor V20 smartphone with Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. | 7.8 |
2019-11-12 | CVE-2019-1457 | Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Office 2016/2019 A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | 7.8 |
2019-11-12 | CVE-2019-1448 | Microsoft | Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1438 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1437 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1435 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1434 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1433 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1430 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1423 | Microsoft | Link Following vulnerability in Microsoft Windows 10 1903 An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1422 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1420 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1417 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1415 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1408 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1407 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1406 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1405 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1396 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1395 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1394 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1393 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1392 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1388 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1385 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1383 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1380 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1379 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2011-3618 | Atop Project Debian | Link Following vulnerability in multiple products atop: symlink attack possible due to insecure tempfile handling | 7.8 |
2019-11-11 | CVE-2019-18862 | GNU | Unspecified vulnerability in GNU Mailutils 0.5/0.6 maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | 7.8 |
2019-11-17 | CVE-2019-19022 | Iterm2 | Information Exposure vulnerability in Iterm2 iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories. | 7.5 |
2019-11-17 | CVE-2019-19011 | Miniupnp Project | NULL Pointer Dereference vulnerability in Miniupnp Project Ngiflib 0.4 MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette. | 7.5 |
2019-11-15 | CVE-2019-6664 | F5 | Unspecified vulnerability in F5 products On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. | 7.5 |
2019-11-15 | CVE-2019-6661 | F5 | Resource Exhaustion vulnerability in F5 Big-Ip Access Policy Manager When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. | 7.5 |
2019-11-15 | CVE-2019-6660 | F5 | Resource Exhaustion vulnerability in F5 products On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service. | 7.5 |
2019-11-15 | CVE-2019-6659 | F5 | Unspecified vulnerability in F5 products On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. | 7.5 |
2019-11-15 | CVE-2011-2726 | Drupal Debian Redhat Fedoraproject | Incorrect Authorization vulnerability in multiple products An access bypass issue was found in Drupal 7.x before version 7.5. | 7.5 |
2019-11-15 | CVE-2016-5285 | Mozilla Debian Redhat Suse Avaya | NULL Pointer Dereference vulnerability in multiple products A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 7.5 |
2019-11-15 | CVE-2014-0021 | Chrony Project Debian Fedoraproject | Chrony before 1.29.1 has traffic amplification in cmdmon protocol | 7.5 |
2019-11-15 | CVE-2013-7089 | Clamav Debian Fedoraproject | Information Exposure vulnerability in multiple products ClamAV before 0.97.7: dbg_printhex possible information leak | 7.5 |
2019-11-15 | CVE-2019-18986 | Pimcore | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. | 7.5 |
2019-11-14 | CVE-2019-18980 | Philips | Missing Encryption of Sensitive Data vulnerability in Philips Taolight Smart Wi-Fi WIZ Connected LED Bulb 9290022656 Firmware On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. | 7.5 |
2019-11-14 | CVE-2019-15804 | Zyxel | Unspecified vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 7.5 |
2019-11-14 | CVE-2019-15801 | Zyxel | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 7.5 |
2019-11-14 | CVE-2013-3070 | Netgear | Information Exposure vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. | 7.5 |
2019-11-14 | CVE-2019-14818 | Dpdk Redhat Fedoraproject | Memory Leak vulnerability in multiple products A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. | 7.5 |
2019-11-14 | CVE-2019-11182 | Intel | Out-of-bounds Write vulnerability in Intel Baseboard Management Controller Firmware 2.09 Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2019-11-14 | CVE-2019-11180 | Intel | Improper Input Validation vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2019-11-14 | CVE-2019-11177 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Baseboard Management Controller Firmware 2.09 Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2019-11-14 | CVE-2019-11175 | Intel | Improper Input Validation vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2019-11-14 | CVE-2012-1170 | Moodle Fedoraproject | Improper Validation of Integrity Check Value vulnerability in multiple products Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | 7.5 |
2019-11-14 | CVE-2019-8240 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge CC Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. | 7.5 |
2019-11-14 | CVE-2019-8239 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge CC Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. | 7.5 |
2019-11-14 | CVE-2012-1156 | Moodle Fedoraproject Redhat | Information Exposure Through Log Files vulnerability in multiple products Moodle before 2.2.2 has users' private files included in course backups | 7.5 |
2019-11-14 | CVE-2012-1155 | Moodle Fedoraproject Redhat Debian | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 7.5 |
2019-11-14 | CVE-2019-18949 | Snowhaze | Incorrect Authorization vulnerability in Snowhaze SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. | 7.5 |
2019-11-13 | CVE-2019-18951 | Sibsoft | Path Traversal vulnerability in Sibsoft Xfilesharing 2.5.1 SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | 7.5 |
2019-11-13 | CVE-2010-5108 | Edgewall Debian | Incorrect Default Permissions vulnerability in multiple products Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. | 7.5 |
2019-11-13 | CVE-2011-4972 | Ckeditor | Information Exposure vulnerability in Ckeditor 7.X1.4 hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. | 7.5 |
2019-11-13 | CVE-2010-4657 | PHP Redhat Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. | 7.5 |
2019-11-13 | CVE-2019-18844 | Linux | Reachable Assertion vulnerability in Linux Acrn The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. | 7.5 |
2019-11-13 | CVE-2019-2211 | Google | SQL Injection vulnerability in Google Android In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. | 7.5 |
2019-11-13 | CVE-2019-2208 | Google | Out-of-bounds Read vulnerability in Google Android 9.0 In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. | 7.5 |
2019-11-13 | CVE-2019-5294 | Huawei | Out-of-bounds Read vulnerability in Huawei products There is an out of bound read vulnerability in some Huawei products. | 7.5 |
2019-11-13 | CVE-2019-5289 | Huawei | Out-of-bounds Read vulnerability in Huawei Manageone 6.5.0 Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. | 7.5 |
2019-11-13 | CVE-2013-4655 | Belkin | Link Following vulnerability in Belkin N900 Firmware Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | 7.5 |
2019-11-12 | CVE-2019-14367 | Slack Chat Project | Information Exposure vulnerability in Slack-Chat Project Slack-Chat 1.5.5 Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. | 7.5 |
2019-11-12 | CVE-2019-14366 | Slack | Information Exposure vulnerability in Slack WP Slacksync WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. | 7.5 |
2019-11-12 | CVE-2019-14365 | Intercom | Information Exposure vulnerability in Intercom 1.2.1 The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. | 7.5 |
2019-11-12 | CVE-2011-2335 | Google | Double Free vulnerability in Google Blink M11 A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function. | 7.5 |
2019-11-12 | CVE-2010-2488 | ZNC | NULL Pointer Dereference vulnerability in ZNC NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | 7.5 |
2019-11-12 | CVE-2019-1429 | Microsoft | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-1428 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-1427 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-1426 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-1390 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-12720 | AUO | SQL Injection vulnerability in AUO Sunveillance Monitoring System & Data Recorder AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. | 7.5 |
2019-11-12 | CVE-2019-1234 | Microsoft | Authentication Bypass by Spoofing vulnerability in Microsoft Azure Stack A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-17360 | Hitachi | Resource Exhaustion vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | 7.5 |
2019-11-12 | CVE-2018-21026 | Hitachi | Information Exposure vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | 7.5 |
2019-11-12 | CVE-2019-17234 | Getigniteup | Missing Authentication for Critical Function vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | 7.5 |
2019-11-12 | CVE-2012-1572 | Openstack Debian | Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 7.5 |
2019-11-12 | CVE-2019-18848 | Json JWT Project Debian | Improper Authentication vulnerability in multiple products The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | 7.5 |
2019-11-12 | CVE-2012-1109 | Pediapress | Improper Handling of Exceptional Conditions vulnerability in Pediapress Mwlib mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | 7.5 |
2019-11-12 | CVE-2019-18817 | Istio | Infinite Loop vulnerability in Istio Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | 7.5 |
2019-11-12 | CVE-2014-7143 | Twisted | Improper Certificate Validation vulnerability in Twisted 14.0.0 Python Twisted 14.0 trustRoot is not respected in HTTP client | 7.5 |
2019-11-12 | CVE-2019-18874 | Psutil Project | Double Free vulnerability in Psutil Project Psutil psutil (aka python-psutil) through 5.6.5 can have a double free. | 7.5 |
2019-11-11 | CVE-2019-18857 | SVG Sanitizer Project | Cross-site Scripting vulnerability in Svg-Sanitizer Project Svg-Sanitizer darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | 7.5 |
2019-11-11 | CVE-2019-18856 | Drupal | Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | 7.5 |
2019-11-11 | CVE-2019-18855 | 10Up | Unspecified vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | 7.5 |
2019-11-11 | CVE-2019-18854 | 10Up | Uncontrolled Recursion vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... | 7.5 |
2019-11-11 | CVE-2019-18836 | Envoyproxy Istio | Infinite Loop vulnerability in multiple products Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. | 7.5 |
2019-11-13 | CVE-2019-2213 | | Use After Free vulnerability in Google Android In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. | 7.4 |
2019-11-11 | CVE-2019-18841 | Chartkick | Unspecified vulnerability in Chartkick Chartkick.Js Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | 7.3 |
2019-11-17 | CVE-2019-19041 | Xorux | OS Command Injection vulnerability in Xorux Lpar2Rrd and Stor2Rrd An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. | 7.2 |
2019-11-14 | CVE-2019-18647 | Untangle | Command Injection vulnerability in Untangle NG Firewall 14.2.0 The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. | 7.2 |
2019-11-14 | CVE-2019-18646 | Untangle | SQL Injection vulnerability in Untangle NG Firewall 14.2.0 The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | 7.2 |
2019-11-14 | CVE-2019-11173 | Intel | Unspecified vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | 7.1 |
2019-11-14 | CVE-2019-11155 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Proset/Wireless Wifi Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 7.1 |
2019-11-14 | CVE-2019-11154 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Proset/Wireless Wifi Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 7.1 |
2019-11-13 | CVE-2019-0396 | SAP | Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. | 7.1 |
2019-11-12 | CVE-2019-4652 | IBM | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. | 7.1 |
2019-11-12 | CVE-2019-1416 | Microsoft | Race Condition vulnerability in Microsoft products An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | 7.0 |
221 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-13 | CVE-2019-2233 | | Unspecified vulnerability in Google Android 10.0 In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. | 6.8 |
2019-11-12 | CVE-2019-1310 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-1309 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-0712 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2019-11-15 | CVE-2019-12758 | Symantec | Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | 6.7 |
2019-11-15 | CVE-2011-2910 | Linux Ax25 Debian | Improper Privilege Management vulnerability in multiple products The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. | 6.7 |
2019-11-14 | CVE-2019-0152 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2019-11-14 | CVE-2019-0151 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2019-11-14 | CVE-2019-0139 | Intel | Unspecified vulnerability in Intel products Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. | 6.7 |
2019-11-14 | CVE-2019-11136 | Intel HPE | Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 6.7 |
2019-11-13 | CVE-2019-9467 | | Command Injection vulnerability in Google Android In the Bootloader, there is a possible kernel command injection due to missing command sanitization. | 6.7 |
2019-11-13 | CVE-2019-2199 | | Unspecified vulnerability in Google Android 10.0 In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. | 6.7 |
2019-11-13 | CVE-2019-3648 | Mcafee | Untrusted Search Path vulnerability in Mcafee products A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | 6.7 |
2019-11-15 | CVE-2019-6662 | F5 | Information Exposure Through Log Files vulnerability in F5 products On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. | 6.5 |
2019-11-14 | CVE-2019-18651 | 3Xlogic | Cross-Site Request Forgery (CSRF) vulnerability in 3Xlogic Infinias Access Control Firmware 6.6.9586.0 A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. | 6.5 |
2019-11-14 | CVE-2018-12207 | Intel Debian Opensuse Fedoraproject Canonical F5 Redhat Oracle | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
2019-11-14 | CVE-2019-11135 | Opensuse Fedoraproject Slackware HP Intel Canonical Debian Redhat Oracle | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 6.5 |
2019-11-14 | CVE-2019-0144 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel products Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 6.5 |
2019-11-14 | CVE-2019-11179 | Intel | Improper Input Validation vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 |
2019-11-14 | CVE-2019-3662 | Mcafee | Path Traversal vulnerability in Mcafee Advanced Threat Defense Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | 6.5 |
2019-11-14 | CVE-2019-3640 | Mcafee | Cleartext Transmission of Sensitive Information vulnerability in Mcafee Data Loss Prevention Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. | 6.5 |
2019-11-13 | CVE-2019-3650 | Mcafee | Unspecified vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via a carefully constructed GET request extracting information insecurely stored in the database. | 6.5 |
2019-11-13 | CVE-2019-3649 | Mcafee | Information Exposure Through Log Files vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | 6.5 |
2019-11-13 | CVE-2019-3420 | ZTE | Unspecified vulnerability in ZTE Zxhn H108N Firmware 2.5.0Eg1T5Ted All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. | 6.5 |
2019-11-13 | CVE-2019-0385 | SAP | Cross-site Scripting vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.5 |
2019-11-13 | CVE-2013-3516 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens. | 6.5 |
2019-11-13 | CVE-2010-4653 | Freedesktop Debian | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | 6.5 |
2019-11-13 | CVE-2019-16949 | Enghouse | Improper Input Validation vulnerability in Enghouse web Chat 6.1.300.31/6.2.284.34 An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. | 6.5 |
2019-11-13 | CVE-2019-5293 | Huawei | Memory Leak vulnerability in Huawei products Some Huawei products have a memory leak vulnerability when handling some messages. | 6.5 |
2019-11-13 | CVE-2012-4385 | Trilexnet Debian | Cross-Site Request Forgery (CSRF) vulnerability in multiple products letodms 3.3.6 has CSRF via change password | 6.5 |
2019-11-12 | CVE-2011-1803 | | Double Free vulnerability in Google Blink An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. | 6.5 |
2019-11-12 | CVE-2011-1802 | | NULL Pointer Dereference vulnerability in Google Blink WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | 6.5 |
2019-11-12 | CVE-2019-5695 | Nvidia | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Driver NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. | 6.5 |
2019-11-12 | CVE-2011-2334 | | Use After Free vulnerability in Google Blink M11 Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections. | 6.5 |
2019-11-12 | CVE-2010-3299 | Rubyonrails Debian | Missing Encryption of Sensitive Data vulnerability in multiple products The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | 6.5 |
2019-11-12 | CVE-2010-3439 | COR Entertainment Debian Fedoraproject | Improper Input Validation vulnerability in multiple products It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 6.5 |
2019-11-12 | CVE-2019-1443 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes. The security update addresses the vulnerability by correcting how SharePoint checks file content, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | 6.5 |
2019-11-12 | CVE-2019-1439 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
2019-11-12 | CVE-2019-1432 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 6.5 |
2019-11-12 | CVE-2019-1425 | Microsoft | Link Following vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. | 6.5 |
2019-11-12 | CVE-2019-1411 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 6.5 |
2019-11-12 | CVE-2019-15815 | Zyxel | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3) ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 6.5 |
2019-11-12 | CVE-2014-3599 | Redhat | XXE vulnerability in Redhat Hornetq HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | 6.5 |
2019-11-11 | CVE-2019-18853 | Imagemagick | Uncontrolled Recursion vulnerability in Imagemagick ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | 6.5 |
2019-11-12 | CVE-2019-6172 | Lenovo | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | 6.4 |
2019-11-12 | CVE-2019-6170 | Lenovo | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | 6.4 |
2019-11-13 | CVE-2019-0386 | SAP | Missing Authorization vulnerability in SAP ERP Sales and S4Hana Sales Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. | 6.3 |
2019-11-13 | CVE-2019-5246 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei Elle-Al00B Firmware Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. | 6.2 |
2019-11-12 | CVE-2019-5229 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei P30 Firmware P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. | 6.2 |
2019-11-12 | CVE-2019-1399 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.2 |
2019-11-17 | CVE-2019-19040 | Kairosdb Project | Cross-site Scripting vulnerability in Kairosdb Project Kairosdb KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring. | 6.1 |
2019-11-15 | CVE-2019-16762 | Simpleledger | Improper Input Validation vulnerability in Simpleledger Slpjs A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. | 6.1 |
2019-11-15 | CVE-2019-16761 | Simpleledger | Improper Input Validation vulnerability in Simpleledger Slp-Validate 1.0.0 A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. | 6.1 |
2019-11-15 | CVE-2019-18982 | Pimcore | Cross-site Scripting vulnerability in Pimcore bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | 6.1 |
2019-11-14 | CVE-2013-4106 | Cryptocat Project | Cross-site Scripting vulnerability in Cryptocat Project Cryptocat A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | 6.1 |
2019-11-14 | CVE-2013-4109 | Cryptocat Project | Cross-site Scripting vulnerability in Cryptocat Project Cryptocat 1.1.165 An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | 6.1 |
2019-11-14 | CVE-2019-18957 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy Library Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | 6.1 |
2019-11-14 | CVE-2011-0544 | Phpbb Debian | Cross-site Scripting vulnerability in multiple products phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 6.1 |
2019-11-13 | CVE-2019-18923 | GO Camo Project | Cross-site Scripting vulnerability in Go-Camo Project Go-Camo Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | 6.1 |
2019-11-13 | CVE-2013-3097 | Actiontec | Cross-site Scripting vulnerability in Actiontec Mi424Wr-Gen3I Firmware Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | 6.1 |
2019-11-13 | CVE-2019-17550 | Adenion | Cross-site Scripting vulnerability in Adenion Blog2Social The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). | 6.1 |
2019-11-13 | CVE-2019-17515 | Cleantalk | Cross-site Scripting vulnerability in Cleantalk Spam Protection, Antispam, Firewall The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). | 6.1 |
2019-11-13 | CVE-2012-5193 | Bitweaver | Cross-site Scripting vulnerability in Bitweaver 2.8.1 Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | 6.1 |
2019-11-13 | CVE-2019-18883 | Lavalite | Cross-site Scripting vulnerability in Lavalite 5.7.0 XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | 6.1 |
2019-11-13 | CVE-2019-18793 | Parallels | Cross-site Scripting vulnerability in Parallels Plesk Panel 9.5 Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | 6.1 |
2019-11-13 | CVE-2019-16950 | Enghouse | Cross-site Scripting vulnerability in Enghouse web Chat 6.1.300.31/6.2.284.34 An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. | 6.1 |
2019-11-13 | CVE-2014-3592 | Redhat | Cross-site Scripting vulnerability in Redhat Openshift Origin OpenShift Origin: Improperly validated team names could allow stored XSS attacks | 6.1 |
2019-11-13 | CVE-2012-4384 | Trilexnet Debian | Cross-site Scripting vulnerability in multiple products letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | 6.1 |
2019-11-12 | CVE-2010-3857 | Redhat | Cross-site Scripting vulnerability in Redhat Jboss Business Rules Management System JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter. | 6.1 |
2019-11-12 | CVE-2019-18926 | Systematicinc | Cross-site Scripting vulnerability in Systematicinc Iris Standards Management 2.1 Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). | 6.1 |
2019-11-12 | CVE-2019-17236 | Getigniteup | Cross-site Scripting vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | 6.1 |
2019-11-12 | CVE-2011-3370 | Status | Cross-site Scripting vulnerability in Status Statusnet 0.9.6/1.0.0 statusnet before 0.9.9 has XSS | 6.1 |
2019-11-12 | CVE-2011-2935 | Elgg | Cross-site Scripting vulnerability in Elgg Elgg through 1.7.10 has XSS | 6.1 |
2019-11-12 | CVE-2019-18882 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | 6.1 |
2019-11-12 | CVE-2019-18881 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | 6.1 |
2019-11-14 | CVE-2019-11139 | Debian Opensuse Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | 6.0 |
2019-11-15 | CVE-2013-4584 | Horms Debian | Improper Handling of Exceptional Conditions vulnerability in multiple products Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. | 5.9 |
2019-11-14 | CVE-2019-15802 | Zyxel | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.9 |
2019-11-14 | CVE-2019-16863 | ST | Information Exposure Through Discrepancy vulnerability in ST products STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | 5.9 |
2019-11-13 | CVE-2019-13555 | Mitsubishielectric | Resource Exhaustion vulnerability in Mitsubishielectric products In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | 5.9 |
2019-11-13 | CVE-2010-4532 | Debian Offlineimap | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | 5.9 |
2019-11-13 | CVE-2014-8167 | Redhat | Improper Certificate Validation vulnerability in Redhat products vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack | 5.9 |
2019-11-17 | CVE-2019-19035 | Jhead Project | Out-of-bounds Read vulnerability in Jhead Project Jhead 3.03 jhead 3.03 is affected by: heap-based buffer over-read. | 5.5 |
2019-11-15 | CVE-2019-6663 | F5 | Improper Input Validation vulnerability in F5 products The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | 5.5 |
2019-11-15 | CVE-2011-2916 | Qtnx Project | Cleartext Storage of Sensitive Information vulnerability in Qtnx Project Qtnx 0.9 qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. | 5.5 |
2019-11-14 | CVE-2019-14591 | Intel Netapp | Improper Input Validation vulnerability in multiple products Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-14590 | Intel Netapp | Improper Privilege Management vulnerability in multiple products Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-14574 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-11089 | Intel Netapp | Improper Input Validation vulnerability in multiple products Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0184 | Intel | Unspecified vulnerability in Intel products Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-0185 | Intel | Unspecified vulnerability in Intel products Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-0154 | Canonical Intel | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0149 | Intel | Improper Input Validation vulnerability in Intel products Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0148 | Intel | Missing Release of Resource after Effective Lifetime vulnerability in Intel products Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0147 | Intel | Improper Input Validation vulnerability in Intel products Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0146 | Intel | Missing Release of Resource after Effective Lifetime vulnerability in Intel products Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0143 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel products Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-15743 | Sony | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia Touch Firmware The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. | 5.5 |
2019-11-14 | CVE-2019-15475 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A3 Firmware The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 5.5 |
2019-11-14 | CVE-2019-15474 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Cepheus Firmware The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 5.5 |
2019-11-14 | CVE-2019-15473 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 5.5 |
2019-11-14 | CVE-2019-15472 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 5.5 |
2019-11-14 | CVE-2019-15471 | MI | Unspecified vulnerability in MI MIX 2S Firmware The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. | 5.5 |
2019-11-14 | CVE-2019-15470 | MI | Unspecified vulnerability in MI Redmi Note 6 PRO Firmware The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. | 5.5 |
2019-11-14 | CVE-2019-15469 | MI | Unspecified vulnerability in MI PAD 4 Firmware The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. | 5.5 |
2019-11-14 | CVE-2019-15468 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. | 5.5 |
2019-11-14 | CVE-2019-15431 | Evercoss | Unspecified vulnerability in Evercoss U50A MAX Firmware The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. | 5.5 |
2019-11-14 | CVE-2019-15430 | Bluboo D3 PRO Project | Unspecified vulnerability in Bluboo D3 PRO Project Bluboo D3 PRO Firmware The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. | 5.5 |
2019-11-14 | CVE-2019-15392 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15391 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15390 | Haier G8 Project | Unspecified vulnerability in Haier G8 Project Haier G8 Firmware The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15386 | Lavamobiles | Missing Authorization vulnerability in Lavamobiles Z60S Firmware The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15385 | Infinixmobility | Unspecified vulnerability in Infinixmobility Note 5 Firmware The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15384 | Elephone | Unspecified vulnerability in Elephone A4 Firmware The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15383 | Allviewmobile | Unspecified vulnerability in Allviewmobile Soul X5 Firmware The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15382 | Cubot | Unspecified vulnerability in Cubot Nova Firmware The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15381 | BQ | Unspecified vulnerability in BQ 5515L Firmware The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15380 | FLY Phone | Unspecified vulnerability in Fly-Phone Photo PRO Firmware The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15379 | Waltonbd | Unspecified vulnerability in Waltonbd Primo G3 Firmware The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15378 | Panasonic | Unspecified vulnerability in Panasonic Eluga RAY 600 Firmware The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15377 | Cherrymobile | Unspecified vulnerability in Cherrymobile Flare S7 Firmware The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15376 | Panasonic | Unspecified vulnerability in Panasonic Eluga RAY 530 Firmware The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15375 | Haier | Unspecified vulnerability in Haier G8 Firmware The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15374 | Lavamobiles | Unspecified vulnerability in Lavamobiles Iris 88 Lite Firmware The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15373 | Symphony Mobile | Unspecified vulnerability in Symphony-Mobile I95 Lite Firmware The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15372 | Hisense | Unspecified vulnerability in Hisense Infinity F17 Firmware The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15371 | Symphony Mobile | Unspecified vulnerability in Symphony-Mobile G100 Firmware The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15370 | Haier G8 Project | Unspecified vulnerability in Haier G8 Project Haier G8 Firmware The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15369 | Lavamobiles | Unspecified vulnerability in Lavamobiles Z61 Turbo Firmware The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15368 | Coolpad | Unspecified vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15367 | Haier | Unspecified vulnerability in Haier P10 Firmware The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15366 | Infinixmobility | Unspecified vulnerability in Infinixmobility Note 5 Firmware The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15365 | Lavamobiles | Unspecified vulnerability in Lavamobiles Z92 Firmware The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15364 | Dexp | Unspecified vulnerability in Dexp Bl250 Firmware The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15363 | Leagoo | Unspecified vulnerability in Leagoo Power 5 Firmware The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15362 | Lavamobiles | Unspecified vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15361 | Infinixmobility | Unspecified vulnerability in Infinixmobility Note 5 Firmware The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15360 | Hisense | Unspecified vulnerability in Hisense Infinity U965 Firmware The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15359 | Haier | Unspecified vulnerability in Haier A6 Firmware The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15358 | Dexp | Unspecified vulnerability in Dexp Z250 Firmware The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15357 | Advandigital | Unspecified vulnerability in Advandigital I6A Firmware The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15356 | Lavamobiles | Unspecified vulnerability in Lavamobiles Flair Z1 Firmware The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15355 | Tecno Mobile | Unspecified vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15354 | Ulefone | Unspecified vulnerability in Ulefone Armor 5 Firmware The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15353 | Coolpad | Unspecified vulnerability in Coolpad N3C Firmware The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15352 | Coolpad | Unspecified vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-18885 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. | 5.5 |
2019-11-14 | CVE-2011-1490 | Rsyslog Debian Opensuse | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 5.5 |
2019-11-14 | CVE-2011-1489 | Rsyslog Opensuse Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 5.5 |
2019-11-14 | CVE-2011-1488 | Rsyslog Opensuse Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when $RepeatedMsgReduction was enabled. | 5.5 |
2019-11-13 | CVE-2010-4817 | Pithos Project Debian | Link Following vulnerability in multiple products pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | 5.5 |
2019-11-13 | CVE-2019-2212 | | Out-of-bounds Read vulnerability in Google Android In poisson_distribution of random, there is an out of bounds read. | 5.5 |
2019-11-13 | CVE-2019-2209 | | Out-of-bounds Read vulnerability in Google Android In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. | 5.5 |
2019-11-13 | CVE-2019-2198 | | SQL Injection vulnerability in Google Android In Download Provider, there is a possible SQL injection vulnerability. | 5.5 |
2019-11-13 | CVE-2019-2197 | | Insecure Default Initialization of Resource vulnerability in Google Android In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. | 5.5 |
2019-11-13 | CVE-2019-2196 | | SQL Injection vulnerability in Google Android In Download Provider, there is possible SQL injection. | 5.5 |
2019-11-13 | CVE-2019-5279 | Huawei | Unspecified vulnerability in Huawei Emily-L29C Firmware Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. | 5.5 |
2019-11-13 | CVE-2019-5230 | Huawei | Improper Input Validation vulnerability in Huawei Mate RS Firmware, P20 Firmware and P20 PRO Firmware P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. | 5.5 |
2019-11-12 | CVE-2010-4177 | Oracle Fedoraproject | Cleartext Transmission of Sensitive Information vulnerability in multiple products mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 5.5 |
2019-11-12 | CVE-2010-3440 | Babiloo Project Debian | Download of Code Without Integrity Check vulnerability in multiple products babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | 5.5 |
2019-11-12 | CVE-2010-3292 | Mailscanner | Missing Encryption of Sensitive Data vulnerability in Mailscanner 4.79.112 The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | 5.5 |
2019-11-12 | CVE-2019-1446 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1442 | Microsoft | Origin Validation Error vulnerability in Microsoft Sharepoint Server 2019 A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1440 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1436 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1412 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1409 | Microsoft | Improper Initialization vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1402 | Microsoft | Information Exposure vulnerability in Microsoft Office and Office 365 An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1391 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1382 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1381 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1374 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2019-1370 | Microsoft | Information Exposure vulnerability in Microsoft Open Enclave Software Development KIT An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 5.5 |
2019-11-12 | CVE-2011-5271 | Clusterlabs | Link Following vulnerability in Clusterlabs Pacemaker Pacemaker before 1.1.6 configure script creates temporary files insecurely | 5.5 |
2019-11-11 | CVE-2019-18849 | Tnef Project Fedoraproject Canonical Debian | Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 5.5 |
2019-11-15 | CVE-2019-14343 | Vocabularyserver | Cross-site Scripting vulnerability in Vocabularyserver Tematres 3.0 TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | 5.4 |
2019-11-13 | CVE-2019-0382 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. | 5.4 |
2019-11-13 | CVE-2013-4275 | ZEN Project | Cross-site Scripting vulnerability in ZEN Project ZEN Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | 5.4 |
2019-11-13 | CVE-2013-3517 | Netgear | Cross-site Scripting vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 5.4 |
2019-11-13 | CVE-2019-17524 | Technicolor | Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20 An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. | 5.4 |
2019-11-13 | CVE-2019-17523 | Technicolor | Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20 An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | 5.4 |
2019-11-12 | CVE-2019-17332 | Tibco | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. | 5.4 |
2019-11-12 | CVE-2019-17331 | Tibco | Cross-site Scripting vulnerability in Tibco EBX Add-Ons 3.20.13/4.1.0 The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. | 5.4 |
2019-11-12 | CVE-2019-1447 | Microsoft | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.4 |
2019-11-12 | CVE-2019-1445 | Microsoft | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.4 |
2019-11-15 | CVE-2019-18987 | Mediawiki | Information Exposure vulnerability in Mediawiki Abusefilter An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. | 5.3 |
2019-11-14 | CVE-2019-18978 | Rack Cors Project Debian Canonical | Path Traversal vulnerability in multiple products An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. | 5.3 |
2019-11-14 | CVE-2019-11174 | Intel | Unspecified vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.3 |
2019-11-14 | CVE-2019-11172 | Intel | Out-of-bounds Read vulnerability in Intel Baseboard Management Controller Firmware 2.09 Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.3 |
2019-11-14 | CVE-2012-1169 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has a personal information disclosure: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs. | 5.3 |
2019-11-14 | CVE-2019-18954 | Netease | Exposure of Resource to Wrong Sphere vulnerability in Netease Pomelo 2.2.5 Pomelo v2.2.5 allows external control of critical state data. | 5.3 |
2019-11-13 | CVE-2019-0388 | SAP | Authentication Bypass by Spoofing vulnerability in SAP UI SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | 5.3 |
2019-11-13 | CVE-2019-16951 | Enghouse | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Enghouse web Chat 6.1.300.31/6.2.284.34 A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. | 5.3 |
2019-11-12 | CVE-2019-1324 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | 5.3 |
2019-11-12 | CVE-2019-18924 | Systematic | Path Traversal vulnerability in Systematic Iris Webforms 5.4 Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. | 5.3 |
2019-11-12 | CVE-2019-17235 | Getigniteup | Missing Authentication for Critical Function vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | 5.3 |
2019-11-12 | CVE-2018-18819 | Mitel | Incorrect Authorization vulnerability in Mitel Micollab and Mivoice Business Express A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. | 5.3 |
2019-11-14 | CVE-2019-0150 | Intel | Unspecified vulnerability in Intel products Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. | 5.1 |
2019-11-14 | CVE-2019-18649 | Untangle | Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | 4.8 |
2019-11-14 | CVE-2019-18648 | Untangle | Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | 4.8 |
2019-11-12 | CVE-2010-3359 | Gargoyle Project Debian | Improper Input Validation vulnerability in multiple products If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. | 4.8 |
2019-11-14 | CVE-2011-1136 | Tesseract Project Debian | Link Following vulnerability in multiple products In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | 4.7 |
2019-11-12 | CVE-2010-3095 | Mailscanner | Link Following vulnerability in Mailscanner mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. | 4.7 |
2019-11-14 | CVE-2019-17391 | Espressif | Improper Handling of Exceptional Conditions vulnerability in Espressif products An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. | 4.6 |
2019-11-13 | CVE-2019-5231 | Huawei | Incorrect Authorization vulnerability in Huawei P30 Firmware P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. | 4.6 |
2019-11-13 | CVE-2019-3641 | Mcafee | Unspecified vulnerability in Mcafee Threat Intelligence Exchange Server 3.0.0 Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | 4.5 |
2019-11-14 | CVE-2019-11113 | Intel Netapp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka 15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2019-11-14 | CVE-2019-0117 | Intel | Unspecified vulnerability in Intel products Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2019-11-14 | CVE-2012-1161 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | 4.3 |
2019-11-14 | CVE-2012-1159 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Overview report allows users to see hidden courses | 4.3 |
2019-11-14 | CVE-2012-1158 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 4.3 |
2019-11-14 | CVE-2012-1157 | Moodle Fedoraproject | Incorrect Default Permissions vulnerability in multiple products Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 4.3 |
2019-11-14 | CVE-2019-8244 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-8243 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-8242 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-8241 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-13 | CVE-2019-0393 | SAP | SQL Injection vulnerability in SAP Quality Management An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | 4.3 |
2019-11-13 | CVE-2019-0391 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 4.3 |
2019-11-13 | CVE-2019-0390 | SAP | Information Exposure vulnerability in SAP Diagnostics Agent 7.2 Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. | 4.3 |
2019-11-13 | CVE-2014-3655 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise web Server and Keycloak JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 4.3 |
2019-11-12 | CVE-2019-1413 | Microsoft | Origin Validation Error vulnerability in Microsoft Edge A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 4.3 |
29 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-14 | CVE-2019-15744 | Sony | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia XZS Firmware The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15467 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI MIX 2S Firmware The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15466 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Redmi 6 PRO Firmware The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15428 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Note 2 Firmware The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15427 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI MIX Firmware The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15426 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI 5S Plus Firmware The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15425 | Katadigital | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Katadigital M4S Firmware The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15424 | Doogee | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee Bl5000 Firmware The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15423 | Bluboo S1 Project | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Bluboo S1 Project Blueboo S1 Firmware The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15422 | Doogee | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee MIX Firmware The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15421 | Blackview | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv7000 PRO Firmware The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15420 | Blackview | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv9000Pro-F Firmware The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15415 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Redmi 5 Firmware The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15393 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Zenfone Live (L1) Firmware The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 3.3 |
2019-11-14 | CVE-2019-15387 | Archos | Missing Authorization vulnerability in Archos Core 101 Firmware The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15340 | MI | Incorrect Permission Assignment for Critical Resource vulnerability in MI Redmi 6 Firmware The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15339 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z60S Firmware The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15338 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15337 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z81 Firmware The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15336 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15335 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z92 Firmware The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15334 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15333 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Flair Z1 Firmware The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-14 | CVE-2019-15332 | Lavamobiles | Improper Privilege Management vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
2019-11-13 | CVE-2019-5292 | Huawei | Unspecified vulnerability in Huawei products Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. | 3.3 |
2019-11-12 | CVE-2019-1418 | Microsoft | Information Exposure vulnerability in Microsoft products An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 3.3 |
2019-11-14 | CVE-2012-1160 | Moodle Fedoraproject | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | 2.7 |
2019-11-12 | CVE-2019-5213 | Huawei | Improper Authentication vulnerability in Huawei Honor Play Firmware 9.1.0.333(C00E333R1P1T8)/Cornellal00A9.0.0.156(C00E156R1P13T8) Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. | 2.4 |
2019-11-15 | CVE-2019-12756 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights. | 2.3 |