Weekly Vulnerabilities Reports > November 11 to 17, 2019
Overview
559 new vulnerabilities were reported during this period, including 42 critical vulnerabilities and 137 high severity vulnerabilities. This weekly summary reports vulnerabilities in 2141 products from 184 vendors including Microsoft, Intel, Debian, Samsung, and Google. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "Information Exposure", and "Externally Controlled Reference to a Resource in Another Sphere".
- 269 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 89 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 466 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 73 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
42 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-14 | CVE-2019-15800 | Zyxel | OS Command Injection vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 10.0 |
2019-11-14 | CVE-2013-3073 | Netgear | Path Traversal vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 10.0 |
2019-11-14 | CVE-2019-8248 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator CC Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. | 10.0 |
2019-11-14 | CVE-2019-8247 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator CC Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. | 10.0 |
2019-11-14 | CVE-2019-8246 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. | 10.0 |
2019-11-14 | CVE-2011-1930 | Klibc Project Debian | Remote Shell Command Execution vulnerability in klibc DHCP Options Processing In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. | 10.0 |
2019-11-13 | CVE-2019-5029 | Exhibitor Project | OS Command Injection vulnerability in Exhibitor Project Exhibitor An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. | 10.0 |
2019-11-13 | CVE-2013-3367 | Trendnet | Improper Authentication vulnerability in Trendnet Tew-691Gr Firmware and Tew-692Gr Firmware Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | 10.0 |
2019-11-13 | CVE-2019-2205 | Google | Use After Free vulnerability in Google Android In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. | 10.0 |
2019-11-13 | CVE-2019-2204 | Google | Out-of-bounds Read vulnerability in Google Android 9.0 In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. | 10.0 |
2019-11-13 | CVE-2019-2036 | Google | Unspecified vulnerability in Google Android In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. | 10.0 |
2019-11-13 | CVE-2013-4657 | Netgear | Path Traversal vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 10.0 |
2019-11-13 | CVE-2013-4654 | TP Link | Path Traversal vulnerability in Tp-Link Tl-1043Nd Firmware and Tl-Wdr4300 Firmware Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. | 10.0 |
2019-11-13 | CVE-2013-4656 | Asus | Path Traversal vulnerability in Asus Rt-Ac66U Firmware and Rt-N56U Firmware Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | 10.0 |
2019-11-12 | CVE-2019-1449 | Microsoft | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | 10.0 |
2019-11-11 | CVE-2019-18852 | Dlink | Cleartext Transmission of Sensitive Information vulnerability in Dlink products Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. | 10.0 |
2019-11-17 | CVE-2019-19012 | Oniguruma Project Debian Fedoraproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. | 9.8 |
2019-11-16 | CVE-2019-19010 | Limnoria Project Fedoraproject | Code Injection vulnerability in multiple products Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | 9.8 |
2019-11-15 | CVE-2019-14345 | Vocabularyserver | Unspecified vulnerability in Vocabularyserver Tematres 3.0 TemaTres 3.0 allows remote unprivileged users to create an administrator account | 9.8 |
2019-11-15 | CVE-2019-18928 | Cyrus Fedoraproject Debian | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 9.8 |
2019-11-12 | CVE-2019-18655 | Upredsun | Out-of-bounds Write vulnerability in Upredsun File Sharing Wizard 1.5.0 File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. | 9.8 |
2019-11-14 | CVE-2019-15389 | Haier A6 Project | Unspecified vulnerability in Haier A6 Project Haier A6 Firmware The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 9.3 |
2019-11-14 | CVE-2019-15388 | Coolpad | Code Injection vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 9.3 |
2019-11-14 | CVE-2019-15344 | Tecno Mobile | Unspecified vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 9.3 |
2019-11-13 | CVE-2013-3366 | Trendnet | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-812Dru Firmware Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | 9.3 |
2019-11-13 | CVE-2010-4654 | Freedesktop Debian | Injection vulnerability in multiple products poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 9.3 |
2019-11-13 | CVE-2019-2206 | Google | Out-of-bounds Write vulnerability in Google Android In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. | 9.3 |
2019-11-13 | CVE-2019-5288 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei P30 Firmware P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. | 9.3 |
2019-11-13 | CVE-2019-5287 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei P30 Firmware P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. | 9.3 |
2019-11-12 | CVE-2019-1448 | Microsoft | Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 9.3 |
2019-11-12 | CVE-2019-1441 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 7 and Windows Server 2008 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 9.3 |
2019-11-12 | CVE-2019-1430 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'. | 9.3 |
2019-11-12 | CVE-2019-1406 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 9.3 |
2019-11-14 | CVE-2019-11168 | Intel | Unspecified vulnerability in Intel Baseboard Management Controller Firmware 2.09 Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | 9.1 |
2019-11-17 | CVE-2019-19041 | Xorur | OS Command Injection vulnerability in Xorur Lpar2Rrd and Stor2Rrd An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. | 9.0 |
2019-11-14 | CVE-2019-15799 | Zyxel | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.0 |
2019-11-14 | CVE-2019-18647 | Untangle | Command Injection vulnerability in Untangle NG Firewall 14.2.0 The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. | 9.0 |
2019-11-13 | CVE-2019-18931 | Western Digital | Classic Buffer Overflow vulnerability in Western Digital MY Cloud EX2 Ultra Firmware 2.31.195 Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. | 9.0 |
2019-11-13 | CVE-2019-18930 | Western Digital | Out-of-bounds Write vulnerability in Western Digital MY Cloud EX2 Ultra Firmware 2.31.183 Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. | 9.0 |
2019-11-13 | CVE-2019-18929 | Western Digital | Out-of-bounds Write vulnerability in Western Digital MY Cloud EX2 Ultra Firmware 2.31.195 Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. | 9.0 |
2019-11-12 | CVE-2019-0721 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.0 |
2019-11-12 | CVE-2019-0719 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.0 |
137 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-15 | CVE-2019-14869 | Artifex Fedoraproject Opensuse | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 8.8 |
2019-11-14 | CVE-2019-3661 | Mcafee | SQL Injection vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | 8.8 |
2019-11-13 | CVE-2019-3660 | Mcafee | Unspecified vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | 8.8 |
2019-11-13 | CVE-2019-3651 | Mcafee | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | 8.8 |
2019-11-13 | CVE-2019-18279 | Phoenix | Unspecified vulnerability in Phoenix Securecore Technology 1.1.12.0/1.5.74.0 In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. | 8.8 |
2019-11-13 | CVE-2019-18837 | Crun Project Fedoraproject | Link Following vulnerability in multiple products An issue was discovered in crun before 0.10.5. | 8.6 |
2019-11-13 | CVE-2019-18839 | Fudforum | Cross-site Scripting vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. | 8.5 |
2019-11-12 | CVE-2019-18873 | Fudforum | Cross-site Scripting vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. | 8.5 |
2019-11-14 | CVE-2019-11137 | Intel HPE | Improper Input Validation vulnerability in multiple products Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 8.2 |
2019-11-14 | CVE-2019-11111 | Intel Netapp | NULL Pointer Dereference vulnerability in multiple products Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0124 | Intel | Unspecified vulnerability in Intel products Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0123 | Intel | Unspecified vulnerability in Intel products Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0155 | Redhat Intel Canonical | Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-0145 | Intel Linux | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 7.8 |
2019-11-14 | CVE-2019-14566 | Intel | Improper Input Validation vulnerability in Intel Software Guard Extensions SDK Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 7.8 |
2019-11-14 | CVE-2019-14565 | Intel | Improper Initialization vulnerability in Intel Software Guard Extensions SDK Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 7.8 |
2019-11-14 | CVE-2019-11182 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Baseboard Management Controller Firmware Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.8 |
2019-11-14 | CVE-2019-11180 | Intel | Improper Input Validation vulnerability in Intel Baseboard Management Controller Firmware Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.8 |
2019-11-14 | CVE-2019-11177 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Baseboard Management Controller Firmware Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 7.8 |
2019-11-14 | CVE-2019-11151 | Intel | Out-of-bounds Write vulnerability in Intel products Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 7.8 |
2019-11-14 | CVE-2019-3663 | Mcafee | Insufficiently Protected Credentials vulnerability in Mcafee Advanced Threat Defense Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. | 7.8 |
2019-11-13 | CVE-2019-2211 | Google | SQL Injection vulnerability in Google Android In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. | 7.8 |
2019-11-13 | CVE-2019-2208 | Google | Out-of-bounds Read vulnerability in Google Android 9.0 In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. | 7.8 |
2019-11-13 | CVE-2019-2201 | Google Canonical | Out-of-bounds Write vulnerability in multiple products In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2019-11-13 | CVE-2013-4655 | Belkin | Link Following vulnerability in Belkin N900 Firmware Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | 7.8 |
2019-11-13 | CVE-2019-18397 | GNU Debian | Classic Buffer Overflow vulnerability in multiple products A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. | 7.8 |
2019-11-12 | CVE-2019-1408 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1405 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1396 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1395 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1394 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1393 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-11-12 | CVE-2019-1398 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 7.7 |
2019-11-12 | CVE-2019-1397 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 7.7 |
2019-11-12 | CVE-2019-1389 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 7.7 |
2019-11-12 | CVE-2019-1428 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-11-12 | CVE-2019-1427 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-11-12 | CVE-2019-1426 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-11-12 | CVE-2019-1390 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.6 |
2019-11-17 | CVE-2019-19011 | Miniupnp Project | NULL Pointer Dereference vulnerability in Miniupnp Project Ngiflib 0.4 MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette. | 7.5 |
2019-11-15 | CVE-2019-13582 | Marvell | Out-of-bounds Write vulnerability in Marvell 88W8688 Firmware An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. | 7.5 |
2019-11-15 | CVE-2019-13581 | Marvell | Out-of-bounds Write vulnerability in Marvell 88W8688 Firmware An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. | 7.5 |
2019-11-15 | CVE-2011-0703 | Gksu Polkit Project Debian | Improper Input Validation vulnerability in multiple products In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | 7.5 |
2019-11-15 | CVE-2013-7088 | Clamav Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products ClamAV before 0.97.7 has buffer overflow in the libclamav component | 7.5 |
2019-11-15 | CVE-2013-7087 | Clamav Debian Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ClamAV before 0.97.7 has WWPack corrupt heap memory | 7.5 |
2019-11-15 | CVE-2019-18981 | Pimcore | Inappropriate Encoding for Output Context vulnerability in Pimcore Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | 7.5 |
2019-11-14 | CVE-2019-14678 | SAS | XXE vulnerability in SAS Base SAS and XML Mapper SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. | 7.5 |
2019-11-14 | CVE-2013-4108 | Cryptocat Project | Security vulnerability in Cryptocat Project Cryptocat 2.0.18 Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. | 7.5 |
2019-11-14 | CVE-2019-18939 | HM Print Project EQ 3 | Improper Input Validation vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. | 7.5 |
2019-11-14 | CVE-2019-18938 | HM Email Project EQ 3 | Improper Input Validation vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. | 7.5 |
2019-11-14 | CVE-2019-18937 | Scriptparser Project EQ 3 | Improper Input Validation vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | 7.5 |
2019-11-14 | CVE-2013-3072 | Netgear | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | 7.5 |
2019-11-14 | CVE-2019-14818 | Dpdk Redhat Fedoraproject | Memory Leak vulnerability in multiple products A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. | 7.5 |
2019-11-14 | CVE-2019-11171 | Intel | Out-of-bounds Write vulnerability in Intel Baseboard Management Controller Firmware Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | 7.5 |
2019-11-13 | CVE-2019-18952 | Sibsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Sibsoft Xfilesharing 2.5.1 SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. | 7.5 |
2019-11-13 | CVE-2019-18240 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server 3.3.22.0/4.0.3.0/4.0.6 In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | 7.5 |
2019-11-13 | CVE-2010-4533 | Debian Offlineimap | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | 7.5 |
2019-11-13 | CVE-2019-16948 | Enghouse | Server-Side Request Forgery (SSRF) vulnerability in Enghouse web Chat 6.1.300.31 An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. | 7.5 |
2019-11-12 | CVE-2019-6188 | Lenovo | Unspecified vulnerability in Lenovo products The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | 7.5 |
2019-11-12 | CVE-2011-2335 | Google | Double Free vulnerability in Google Blink M11 A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function. | 7.5 |
2019-11-12 | CVE-2010-3438 | Libpoe Component IRC Perl Project Debian Fedoraproject | Use of Externally-Controlled Format String vulnerability in multiple products libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. | 7.5 |
2019-11-12 | CVE-2019-1429 | Microsoft | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-1373 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | 7.5 |
2019-11-12 | CVE-2019-12719 | AUO | Unrestricted Upload of File with Dangerous Type vulnerability in AUO Sunveillance Monitoring System & Data Recorder An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. | 7.5 |
2019-11-12 | CVE-2019-18925 | Systematic | Missing Authentication for Critical Function vulnerability in Systematic Iris Webforms 5.4 Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. | 7.5 |
2019-11-12 | CVE-2019-18658 | Helm | Link Following vulnerability in Helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. | 7.5 |
2019-11-12 | CVE-2011-2936 | Elgg | SQL Injection vulnerability in Elgg Elgg through 1.7.10 has a SQL injection vulnerability | 7.5 |
2019-11-12 | CVE-2011-2897 | Gnome Redhat Debian | Improper Input Validation vulnerability in multiple products gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | 7.5 |
2019-11-12 | CVE-2019-18874 | Psutil Project | Double Free vulnerability in Psutil Project Psutil psutil (aka python-psutil) through 5.6.5 can have a double free. | 7.5 |
2019-11-11 | CVE-2019-18855 | 10Up | Unspecified vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | 7.5 |
2019-11-11 | CVE-2019-18854 | 10Up | Uncontrolled Recursion vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... | 7.5 |
2019-11-11 | CVE-2019-18841 | Chartkick | Unspecified vulnerability in Chartkick Chartkick.Js Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | 7.5 |
2019-11-11 | CVE-2019-18836 | Envoyproxy Istio | Infinite Loop vulnerability in multiple products Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. | 7.5 |
2019-11-15 | CVE-2019-18372 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1 Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.2 |
2019-11-15 | CVE-2019-12759 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Manager and Mail Security Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.2 |
2019-11-15 | CVE-2019-12758 | Symantec | Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1 Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | 7.2 |
2019-11-15 | CVE-2011-2910 | Linux Ax25 Debian | Improper Privilege Management vulnerability in multiple products The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. | 7.2 |
2019-11-14 | CVE-2019-11112 | Intel Netapp | Out-of-bounds Write vulnerability in multiple products Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.2 |
2019-11-14 | CVE-2019-0142 | Intel | Improper Privilege Management vulnerability in Intel products Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.2 |
2019-11-14 | CVE-2019-15450 | Samsung | Unspecified vulnerability in Samsung Galaxy J3 POP Firmware The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15442 | Samsung | Unspecified vulnerability in Samsung ON 7 Firmware The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15429 | Panasonic | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Panasonic Eluga I9 Firmware The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. | 7.2 |
2019-11-14 | CVE-2019-15419 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus X105D Firmware The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.2 |
2019-11-14 | CVE-2019-15418 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Pegasus 4 MAX Firmware and Pegasus 4A Firmware The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.2 |
2019-11-14 | CVE-2019-15417 | Tecno | Unspecified vulnerability in Tecno Spark PRO Firmware The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. | 7.2 |
2019-11-14 | CVE-2019-15414 | Asus | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15413 | Asus | Unspecified vulnerability in Asus Zenfone 3 Ultra Firmware The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15411 | Asus | Unspecified vulnerability in Asus Zenfone 3 Laser Firmware The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15410 | Asus | Unspecified vulnerability in Asus Zenfone 5Q Firmware The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15409 | Asus | Unspecified vulnerability in Asus Zenfone 5Q Firmware The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15408 | Asus | Unspecified vulnerability in Asus Zenfone 5 Lite Firmware The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15407 | Asus | Unspecified vulnerability in Asus Zenfone 4 MAX Firmware The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15406 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15405 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Pegasus 4 MAX Firmware and Pegasus 4A Firmware The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15404 | Asus | Unspecified vulnerability in Asus Zenfone 4 MAX Firmware The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15403 | Asus | Unspecified vulnerability in Asus Zenfone 3S MAX Firmware The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15402 | Asus | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15401 | Asus | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15400 | Asus | Unspecified vulnerability in Asus Zenfone 3 Ultra Firmware The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15399 | Asus | Unspecified vulnerability in Asus Zenfone 5Q Firmware The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15398 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15397 | Asus | Unspecified vulnerability in Asus Zenfone MAX 4 Firmware The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15396 | Asus | Unspecified vulnerability in Asus Zenfone 3 Firmware The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15395 | Asus | Unspecified vulnerability in Asus Zenfone 3S MAX Firmware The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.2 |
2019-11-14 | CVE-2019-15394 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Zenfone 5 Selfie Firmware The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 7.2 |
2019-11-14 | CVE-2019-15351 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Tecno/H622/Tecno-Id5B:8.1.0/O11019/G-180829V31:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15350 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Tecno/H622/Tecno-Id5B:8.1.0/O11019/G-180829V31:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15349 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15348 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15347 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Camon Iclick 2 Firmware The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15346 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Camon Iclick 2 Firmware The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15345 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 7.2 |
2019-11-14 | CVE-2019-15343 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 7.2 |
2019-11-14 | CVE-2019-15342 | Tecno Mobile | OS Command Injection vulnerability in Tecno-Mobile Camon Iair 2+ Firmware The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-15341 | Tecno Mobile | Exposure of Resource to Wrong Sphere vulnerability in Tecno-Mobile Camon Iair 2+ Firmware The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
2019-11-14 | CVE-2019-11181 | Intel | Out-of-bounds Read vulnerability in Intel Baseboard Management Controller Firmware Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.2 |
2019-11-14 | CVE-2019-11170 | Intel | Improper Authentication vulnerability in Intel Baseboard Management Controller Firmware Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | 7.2 |
2019-11-14 | CVE-2011-1070 | V86D Project Debian | Incorrect Authorization vulnerability in multiple products v86d before 0.1.10 does not verify if received netlink messages are sent by the kernel. | 7.2 |
2019-11-13 | CVE-2019-9467 | | OS Command Injection vulnerability in Google Android In the Bootloader, there is a possible kernel command injection due to missing command sanitization. | 7.2 |
2019-11-13 | CVE-2019-2210 | | Classic Buffer Overflow vulnerability in Google Android 10.0/9.0 In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. | 7.2 |
2019-11-13 | CVE-2019-2233 | | Unspecified vulnerability in Google Android 10.0 In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. | 7.2 |
2019-11-13 | CVE-2019-2214 | Google Canonical | Out-of-bounds Write vulnerability in multiple products In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
2019-11-13 | CVE-2019-2207 | | Out-of-bounds Write vulnerability in Google Android In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. | 7.2 |
2019-11-13 | CVE-2019-2203 | | Out-of-bounds Write vulnerability in Google Android In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 7.2 |
2019-11-13 | CVE-2019-2202 | | Out-of-bounds Write vulnerability in Google Android 10.0/9.0 In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 7.2 |
2019-11-13 | CVE-2019-2199 | | Unspecified vulnerability in Google Android 10.0 In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. | 7.2 |
2019-11-13 | CVE-2019-2195 | | Improper Input Validation vulnerability in Google Android In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. | 7.2 |
2019-11-13 | CVE-2019-2193 | | Improper Privilege Management vulnerability in Google Android In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. | 7.2 |
2019-11-13 | CVE-2019-2192 | | Improper Input Validation vulnerability in Google Android 10.0/9.0 In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. | 7.2 |
2019-11-12 | CVE-2019-1438 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1437 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1435 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1434 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1433 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1407 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1392 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.2 |
2019-11-12 | CVE-2019-1388 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | 7.2 |
262 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-13 | CVE-2019-2213 | | Use After Free vulnerability in Google Android In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. | 6.9 |
2019-11-12 | CVE-2019-5695 | Nvidia | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Driver NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. | 6.9 |
2019-11-14 | CVE-2019-11931 | | Out-of-bounds Write vulnerability in Whatsapp A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. | 6.8 |
2019-11-14 | CVE-2019-16110 | Blade Group | Unspecified vulnerability in Blade-Group Shadow 2.13.3 The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. | 6.8 |
2019-11-14 | CVE-2011-1588 | Xfce Opensuse Debian | Use of Externally-Controlled Format String vulnerability in multiple products Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | 6.8 |
2019-11-13 | CVE-2019-18884 | Fairsketch | Cross-Site Request Forgery (CSRF) vulnerability in Fairsketch Rise - Ultimate Project Manager 2.3 index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | 6.8 |
2019-11-13 | CVE-2019-5282 | Huawei | Double Free vulnerability in Huawei products Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. | 6.8 |
2019-11-13 | CVE-2019-5233 | Huawei | Improper Authentication vulnerability in Huawei Taurus-Al00B Firmware 10.0.0.41(Sp2C00E41R3P2) Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. | 6.8 |
2019-11-12 | CVE-2019-5228 | Huawei | Race Condition vulnerability in Huawei P30 Firmware Certain detection module of P30, P30 Pro, Honor V20 smartphone with Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. | 6.8 |
2019-11-12 | CVE-2010-3844 | Ettercap Project Debian | Classic Buffer Overflow vulnerability in multiple products An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | 6.8 |
2019-11-12 | CVE-2010-3305 | Pixelpost | Cross-Site Request Forgery (CSRF) vulnerability in Pixelpost 1.7.3 Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | 6.8 |
2019-11-12 | CVE-2019-1457 | Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Office 2016/2019 A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | 6.8 |
2019-11-12 | CVE-2019-1456 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-1424 | Microsoft | Unspecified vulnerability in Microsoft products A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-1419 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-1310 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-1309 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-0712 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2019-11-12 | CVE-2019-17237 | Getigniteup | Cross-Site Request Forgery (CSRF) vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | 6.8 |
2019-11-14 | CVE-2019-0152 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2019-11-14 | CVE-2019-0151 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2019-11-14 | CVE-2019-0139 | Intel | Unspecified vulnerability in Intel products Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. | 6.7 |
2019-11-14 | CVE-2019-11136 | Intel HPE | Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 6.7 |
2019-11-13 | CVE-2019-3648 | Mcafee | Untrusted Search Path vulnerability in Mcafee products A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | 6.7 |
2019-11-14 | CVE-2018-12207 | Intel Debian Opensuse Fedoraproject Canonical F5 Redhat Oracle | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
2019-11-14 | CVE-2019-11135 | Opensuse Fedoraproject Slackware HP Intel Canonical Debian Redhat Oracle | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 6.5 |
2019-11-14 | CVE-2019-18646 | Untangle | SQL Injection vulnerability in Untangle NG Firewall 14.2.0 The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | 6.5 |
2019-11-14 | CVE-2019-3662 | Mcafee | Path Traversal vulnerability in Mcafee Advanced Threat Defense Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | 6.5 |
2019-11-14 | CVE-2019-3640 | Mcafee | Cleartext Transmission of Sensitive Information vulnerability in Mcafee Data Loss Prevention Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. | 6.5 |
2019-11-13 | CVE-2019-3650 | Mcafee | Unspecified vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. | 6.5 |
2019-11-13 | CVE-2019-3649 | Mcafee | Information Exposure Through Log Files vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | 6.5 |
2019-11-13 | CVE-2019-0386 | SAP | Missing Authorization vulnerability in SAP ERP Sales and S4Hana Sales Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. | 6.5 |
2019-11-13 | CVE-2019-0389 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. | 6.5 |
2019-11-13 | CVE-2010-4664 | Consolekit Project Debian Redhat | Improper Privilege Management vulnerability in multiple products In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. | 6.5 |
2019-11-13 | CVE-2014-1214 | Projoom | Unrestricted Upload of File with Dangerous Type vulnerability in Projoom Smart Flash Header 3.0.2 views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | 6.5 |
2019-11-13 | CVE-2010-4653 | Freedesktop Debian | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | 6.5 |
2019-11-12 | CVE-2011-1803 | Google | Double Free vulnerability in Google Blink An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. | 6.5 |
2019-11-12 | CVE-2011-1802 | Google | NULL Pointer Dereference vulnerability in Google Blink WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | 6.5 |
2019-11-12 | CVE-2011-2334 | Google | Use After Free vulnerability in Google Blink M11 Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections. | 6.5 |
2019-11-12 | CVE-2019-1384 | Microsoft | Insufficiently Protected Credentials vulnerability in Microsoft products A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 6.5 |
2019-11-14 | CVE-2019-15803 | Zyxel | Improper Authentication vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 6.4 |
2019-11-14 | CVE-2012-1168 | Moodle Fedoraproject Redhat | Improper Input Validation vulnerability in multiple products Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 6.4 |
2019-11-12 | CVE-2019-17234 | Getigniteup | Improper Input Validation vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | 6.4 |
2019-11-14 | CVE-2011-1136 | Tesseract Project Debian | Link Following vulnerability in multiple products In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | 6.3 |
2019-11-12 | CVE-2019-1385 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 6.1 |
2019-11-14 | CVE-2019-11139 | Debian Opensuse Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | 6.0 |
2019-11-15 | CVE-2013-4584 | Horms Debian | Improper Handling of Exceptional Conditions vulnerability in multiple products Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. | 5.9 |
2019-11-14 | CVE-2019-16863 | ST | Information Exposure Through Discrepancy vulnerability in ST products STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | 5.9 |
2019-11-14 | CVE-2019-18651 | 3Xlogic | Cross-Site Request Forgery (CSRF) vulnerability in 3Xlogic Infinias Access Control Firmware 6.6.9586.0 A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. | 5.8 |
2019-11-14 | CVE-2019-0140 | Intel | Classic Buffer Overflow vulnerability in Intel products Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. | 5.8 |
2019-11-14 | CVE-2019-11152 | Intel | Out-of-bounds Write vulnerability in Intel products Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. | 5.8 |
2019-11-13 | CVE-2019-15948 | TI | Classic Buffer Overflow vulnerability in TI products Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. | 5.8 |
2019-11-12 | CVE-2017-17224 | Huawei | NULL Pointer Dereference vulnerability in Huawei Hg655M Firmware Harryal00C9.1.0.206(C00E205R3P1) Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. | 5.8 |
2019-11-12 | CVE-2019-1447 | Microsoft | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.8 |
2019-11-12 | CVE-2019-1445 | Microsoft | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.8 |
2019-11-12 | CVE-2019-1425 | Microsoft | Link Following vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. | 5.8 |
2019-11-17 | CVE-2019-19035 | Jhead Project | Out-of-bounds Read vulnerability in Jhead Project Jhead 3.03 jhead 3.03 is affected by: heap-based buffer over-read. | 5.5 |
2019-11-14 | CVE-2019-14591 | Intel Netapp | Improper Input Validation vulnerability in multiple products Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-14590 | Intel Netapp | Improper Privilege Management vulnerability in multiple products Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-14574 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-11089 | Intel Netapp | Improper Input Validation vulnerability in multiple products Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-0184 | Intel | Unspecified vulnerability in Intel products Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-0185 | Intel | Unspecified vulnerability in Intel products Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2019-11-14 | CVE-2019-0154 | Canonical Intel | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2019-11-14 | CVE-2019-11178 | Intel | Classic Buffer Overflow vulnerability in Intel Baseboard Management Controller Firmware Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. | 5.5 |
2019-11-13 | CVE-2019-0396 | SAP | Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. | 5.5 |
2019-11-12 | CVE-2019-1399 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 5.5 |
2019-11-11 | CVE-2019-18849 | Tnef Project Fedoraproject Canonical Debian | Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 5.5 |
2019-11-15 | CVE-2019-14343 | Vocabularyserver | Cross-site Scripting vulnerability in Vocabularyserver Tematres 3.0 TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | 5.4 |
2019-11-17 | CVE-2019-19022 | Iterm2 | Information Exposure vulnerability in Iterm2 iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories. | 5.0 |
2019-11-15 | CVE-2019-6664 | F5 | Unspecified vulnerability in F5 products On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. | 5.0 |
2019-11-15 | CVE-2019-6661 | F5 | Resource Exhaustion vulnerability in F5 Big-Ip Access Policy Manager When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. | 5.0 |
2019-11-15 | CVE-2019-6660 | F5 | Resource Exhaustion vulnerability in F5 products On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service. | 5.0 |
2019-11-15 | CVE-2019-6659 | F5 | Unspecified vulnerability in F5 products On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. | 5.0 |
2019-11-15 | CVE-2011-2726 | Drupal Debian Redhat Fedoraproject | Incorrect Authorization vulnerability in multiple products An access bypass issue was found in Drupal 7.x before version 7.5. | 5.0 |
2019-11-15 | CVE-2016-5285 | Mozilla Debian Redhat Suse Avaya | NULL Pointer Dereference vulnerability in multiple products A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. | 5.0 |
2019-11-15 | CVE-2014-0021 | Chrony Project Debian Fedoraproject | Remote Denial of Service vulnerability in Chrony cmdmon Protocol Amplification Chrony before 1.29.1 has traffic amplification in cmdmon protocol | 5.0 |
2019-11-15 | CVE-2013-7089 | Clamav Debian Fedoraproject | Information Exposure vulnerability in multiple products ClamAV before 0.97.7: dbg_printhex possible information leak | 5.0 |
2019-11-15 | CVE-2019-18987 | Mediawiki | Information Exposure vulnerability in Mediawiki Abusefilter An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. | 5.0 |
2019-11-15 | CVE-2019-18986 | Pimcore | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. | 5.0 |
2019-11-15 | CVE-2019-18985 | Pimcore | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | 5.0 |
2019-11-14 | CVE-2019-18980 | Philips | Missing Authentication for Critical Function vulnerability in Philips Taolight Smart Wi-Fi WIZ Connected LED Bulb 9290022656 Firmware On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. | 5.0 |
2019-11-14 | CVE-2019-18978 | Rack Cors Project Debian Canonical | Path Traversal vulnerability in multiple products An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. | 5.0 |
2019-11-14 | CVE-2019-15804 | Zyxel | Unspecified vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.0 |
2019-11-14 | CVE-2019-15801 | Zyxel | Insufficiently Protected Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.0 |
2019-11-14 | CVE-2013-3070 | Netgear | Information Exposure vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. | 5.0 |
2019-11-14 | CVE-2019-11175 | Intel | Improper Input Validation vulnerability in Intel Baseboard Management Controller Firmware Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 5.0 |
2019-11-14 | CVE-2019-11174 | Intel | Unspecified vulnerability in Intel Baseboard Management Controller Firmware Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2019-11-14 | CVE-2019-11172 | Intel | Out-of-bounds Read vulnerability in Intel Baseboard Management Controller Firmware Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2019-11-14 | CVE-2012-1170 | Moodle Fedoraproject | Improper Validation of Integrity Check Value vulnerability in multiple products Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | 5.0 |
2019-11-14 | CVE-2012-1169 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | 5.0 |
2019-11-14 | CVE-2019-8240 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge CC Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. | 5.0 |
2019-11-14 | CVE-2019-8239 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge CC Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. | 5.0 |
2019-11-14 | CVE-2012-1156 | Moodle Fedoraproject Redhat | Information Exposure Through Log Files vulnerability in multiple products Moodle before 2.2.2 has users' private files included in course backups | 5.0 |
2019-11-14 | CVE-2012-1155 | Moodle Fedoraproject Redhat Debian | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 5.0 |
2019-11-14 | CVE-2019-18949 | Snowhaze | Improper Input Validation vulnerability in Snowhaze SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. | 5.0 |
2019-11-14 | CVE-2019-18954 | Netease | Exposure of Resource to Wrong Sphere vulnerability in Netease Pomelo 2.2.5 Pomelo v2.2.5 allows external control of critical state data. | 5.0 |
2019-11-13 | CVE-2019-18951 | Sibsoft | Path Traversal vulnerability in Sibsoft Xfilesharing 2.5.1 SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | 5.0 |
2019-11-13 | CVE-2019-0388 | SAP | Authentication Bypass by Spoofing vulnerability in SAP UI SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | 5.0 |
2019-11-13 | CVE-2010-5108 | Edgewall Debian | Incorrect Default Permissions vulnerability in multiple products Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. | 5.0 |
2019-11-13 | CVE-2011-4972 | Ckeditor | Information Exposure vulnerability in Ckeditor 7.X1.4 hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. | 5.0 |
2019-11-13 | CVE-2010-4657 | PHP Redhat Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. | 5.0 |
2019-11-13 | CVE-2019-18844 | Linux | Reachable Assertion vulnerability in Linux Acrn The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. | 5.0 |
2019-11-13 | CVE-2019-16951 | Enghouse | Information Exposure vulnerability in Enghouse web Chat 6.1.300.31/6.2.284.34 A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. | 5.0 |
2019-11-13 | CVE-2019-5294 | Huawei | Out-of-bounds Read vulnerability in Huawei products There is an out of bound read vulnerability in some Huawei products. | 5.0 |
2019-11-13 | CVE-2019-5289 | Huawei | Out-of-bounds Read vulnerability in Huawei Manageone 6.5.0 Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. | 5.0 |
2019-11-12 | CVE-2019-14367 | Slack Chat Project | Information Exposure vulnerability in Slack-Chat Project Slack-Chat 1.5.5 Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. | 5.0 |
2019-11-12 | CVE-2019-14366 | Slack | Information Exposure vulnerability in Slack WP Slacksync WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. | 5.0 |
2019-11-12 | CVE-2019-14365 | Intercom | Information Exposure vulnerability in Intercom 1.2.1 The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. | 5.0 |
2019-11-12 | CVE-2010-2488 | ZNC | NULL Pointer Dereference vulnerability in ZNC NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | 5.0 |
2019-11-12 | CVE-2019-1324 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | 5.0 |
2019-11-12 | CVE-2019-12720 | AUO | SQL Injection vulnerability in AUO Sunveillance Monitoring System & Data Recorder AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. | 5.0 |
2019-11-12 | CVE-2019-1234 | Microsoft | Authentication Bypass by Spoofing vulnerability in Microsoft Azure Stack A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | 5.0 |
2019-11-12 | CVE-2019-17360 | Hitachi | Resource Exhaustion vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | 5.0 |
2019-11-12 | CVE-2018-21026 | Hitachi Linux Microsoft Oracle | Information Exposure vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | 5.0 |
2019-11-12 | CVE-2019-18924 | Systematic | Path Traversal vulnerability in Systematic Iris Webforms 5.4 Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. | 5.0 |
2019-11-12 | CVE-2019-17235 | Getigniteup | Information Exposure vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | 5.0 |
2019-11-12 | CVE-2012-1572 | Openstack Debian | Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 5.0 |
2019-11-12 | CVE-2019-18848 | Json JWT Project Debian | Improper Authentication vulnerability in multiple products The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | 5.0 |
2019-11-12 | CVE-2012-1109 | Pediapress | Improper Handling of Exceptional Conditions vulnerability in Pediapress Mwlib mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | 5.0 |
2019-11-12 | CVE-2019-18817 | Istio | Infinite Loop vulnerability in Istio Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | 5.0 |
2019-11-12 | CVE-2018-18819 | Mitel | Incorrect Authorization vulnerability in Mitel Micollab and Mivoice Business Express A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. | 5.0 |
2019-11-12 | CVE-2014-7143 | Twistedmatrix | Improper Certificate Validation vulnerability in Twistedmatrix Twisted 14.0.0 Python Twisted 14.0 trustRoot is not respected in HTTP client | 5.0 |
2019-11-11 | CVE-2019-18857 | SVG Sanitizer Project | Cross-site Scripting vulnerability in Svg-Sanitizer Project Svg-Sanitizer darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript&#9;:alert substring. | 5.0 |
2019-11-11 | CVE-2019-18856 | Drupal | Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | 5.0 |
2019-11-15 | CVE-2019-16762 | Simpleledger | Improper Input Validation vulnerability in Simpleledger Slpjs A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. | 4.9 |
2019-11-15 | CVE-2019-16761 | Simpleledger | Improper Input Validation vulnerability in Simpleledger Slp-Validate 1.0.0 A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. | 4.9 |
2019-11-14 | CVE-2019-0144 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel products Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 4.9 |
2019-11-14 | CVE-2019-0143 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel products Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 4.9 |
2019-11-13 | CVE-2019-2212 | Google | Out-of-bounds Read vulnerability in Google Android In poisson_distribution of random, there is an out of bounds read. | 4.9 |
2019-11-13 | CVE-2019-2209 | Google | Out-of-bounds Read vulnerability in Google Android In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. | 4.9 |
2019-11-13 | CVE-2019-2198 | Google | SQL Injection vulnerability in Google Android In Download Provider, there is a possible SQL injection vulnerability. | 4.9 |
2019-11-13 | CVE-2019-2196 | Google | SQL Injection vulnerability in Google Android In Download Provider, there is possible SQL injection. | 4.9 |
2019-11-12 | CVE-2019-1391 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 4.9 |
2019-11-15 | CVE-2019-12757 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2019-11-15 | CVE-2018-18368 | Symantec | Improper Privilege Management vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2019-11-15 | CVE-2014-0023 | Redhat | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | 4.6 |
2019-11-14 | CVE-2019-15465 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 PRO Firmware The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15464 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 PRO Firmware The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15463 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 Prime Firmware The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15462 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 DUO Firmware The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15461 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15460 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15459 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15458 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 NEO Firmware The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15457 | Samsung | Unspecified vulnerability in Samsung Galaxy J6 Firmware The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15456 | Samsung | Unspecified vulnerability in Samsung Galaxy J6 Firmware The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15455 | Samsung | Unspecified vulnerability in Samsung Galaxy J5 Firmware The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15454 | Samsung | Unspecified vulnerability in Samsung Galaxy J4 Firmware The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15453 | Samsung | Unspecified vulnerability in Samsung Galaxy J4 Firmware The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15452 | Samsung | Unspecified vulnerability in Samsung Galaxy J3 Firmware The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15451 | Samsung | Unspecified vulnerability in Samsung Galaxy J3 Firmware The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15449 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Edge Firmware The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15448 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Edge Firmware The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15447 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Edge Firmware The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15446 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Firmware The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15445 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Firmware The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15444 | Samsung | Unspecified vulnerability in Samsung Galaxy S7 Firmware The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15443 | Samsung | Unspecified vulnerability in Samsung Galaxy J7 MAX Firmware The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15441 | Samsung | Unspecified vulnerability in Samsung ON 7 Firmware The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15440 | Samsung | Unspecified vulnerability in Samsung Galaxy J5 Firmware The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15439 | Samsung | Unspecified vulnerability in Samsung Galaxy Xcover4 Firmware The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15438 | Samsung | Unspecified vulnerability in Samsung Galaxy Xcover4 Firmware The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15437 | Samsung | Unspecified vulnerability in Samsung Galaxy Xcover4 Firmware The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15436 | Samsung | Unspecified vulnerability in Samsung Galaxy A8+ Firmware The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15435 | Samsung | Unspecified vulnerability in Samsung Galaxy A7 Firmware The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15434 | Samsung | Unspecified vulnerability in Samsung Galaxy A5 Firmware The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15433 | Samsung | Unspecified vulnerability in Samsung Galaxy A3 Firmware The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15432 | Evercoss | Unspecified vulnerability in Evercoss U6 Firmware The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15416 | Sony | Unspecified vulnerability in Sony Xperia XZS Firmware The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-15412 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. | 4.6 |
2019-11-14 | CVE-2019-14602 | Intel | Incorrect Default Permissions vulnerability in Intel Nuvoton Consumer Infrared 1.02.1002 Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2019-11-14 | CVE-2019-11156 | Intel | Improper Privilege Management vulnerability in Intel Proset/Wireless Wifi Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 4.6 |
2019-11-14 | CVE-2019-11153 | Intel | Out-of-bounds Write vulnerability in Intel Proset/Wireless Wifi Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. | 4.6 |
2019-11-14 | CVE-2019-18895 | Scanguard | Incorrect Default Permissions vulnerability in Scanguard Antivirus 20191112 Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | 4.6 |
2019-11-14 | CVE-2011-1145 | Unixodbc Debian Opensuse Redhat | Classic Buffer Overflow vulnerability in multiple products The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | 4.6 |
2019-11-13 | CVE-2010-4661 | Udisks Project Debian Fedoraproject Opensuse Redhat | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 4.6 |
2019-11-13 | CVE-2019-5246 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei Elle-Al00B Firmware Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. | 4.6 |
2019-11-12 | CVE-2019-5229 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei P30 Firmware P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. | 4.6 |
2019-11-12 | CVE-2019-1423 | Microsoft | Link Following vulnerability in Microsoft Windows 10 1903 An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1422 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1420 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1417 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1415 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1383 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1380 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2019-1379 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-11-12 | CVE-2011-3618 | Atop Project Debian | Link Following vulnerability in multiple products atop: symlink attack possible due to insecure tempfile handling | 4.6 |
2019-11-11 | CVE-2019-18862 | GNU | Unspecified vulnerability in GNU Mailutils 0.5/0.6 maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | 4.6 |
2019-11-13 | CVE-2019-3641 | Mcafee | Unspecified vulnerability in Mcafee Threat Intelligence Exchange Server 3.0.0 Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | 4.5 |
2019-11-14 | CVE-2019-11113 | Intel Netapp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka 15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2019-11-14 | CVE-2019-0117 | Intel | Unspecified vulnerability in Intel products Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2019-11-14 | CVE-2019-7962 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Illustrator CC Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. | 4.4 |
2019-11-14 | CVE-2019-7960 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Animate CC Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. | 4.4 |
2019-11-12 | CVE-2019-6172 | Lenovo | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | 4.4 |
2019-11-12 | CVE-2019-6170 | Lenovo | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | 4.4 |
2019-11-12 | CVE-2019-1416 | Microsoft | Race Condition vulnerability in Microsoft products An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | 4.4 |
2019-11-12 | CVE-2010-3359 | Gargoyle Project Debian | Improper Input Validation vulnerability in multiple products If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. | 4.4 |
2019-11-17 | CVE-2019-19040 | Kairosdb Project | Cross-site Scripting vulnerability in Kairosdb Project Kairosdb KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring. | 4.3 |
2019-11-15 | CVE-2019-6663 | F5 | Improper Input Validation vulnerability in F5 products The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | 4.3 |
2019-11-15 | CVE-2019-18982 | Pimcore | Cross-site Scripting vulnerability in Pimcore bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | 4.3 |
2019-11-14 | CVE-2019-15802 | Zyxel | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 4.3 |
2019-11-14 | CVE-2013-4106 | Cryptocat Project | Cross-site Scripting vulnerability in Cryptocat Project Cryptocat A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | 4.3 |
2019-11-14 | CVE-2013-4109 | Cryptocat Project | Cross-site Scripting vulnerability in Cryptocat Project Cryptocat 1.1.165 An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | 4.3 |
2019-11-14 | CVE-2019-8244 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-8243 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-8242 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-8241 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder 13.0.2/13.1 Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-11-14 | CVE-2019-18957 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy Library Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | 4.3 |
2019-11-14 | CVE-2011-0544 | Phpbb Debian | Cross-site Scripting vulnerability in multiple products phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 4.3 |
2019-11-13 | CVE-2019-13555 | Mitsubishielectric | Resource Exhaustion vulnerability in Mitsubishielectric products In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | 4.3 |
2019-11-13 | CVE-2019-18923 | GO Camo Project | Cross-site Scripting vulnerability in Go-Camo Project Go-Camo Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | 4.3 |
2019-11-13 | CVE-2013-3097 | Actiontec | Cross-site Scripting vulnerability in Actiontec Mi424Wr-Gen3I Firmware Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | 4.3 |
2019-11-13 | CVE-2019-17550 | Adenion | Cross-site Scripting vulnerability in Adenion Blog2Social The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-11-13 | CVE-2019-17515 | Cleantalk | Cross-site Scripting vulnerability in Cleantalk Spam Protection, Antispam, Firewall The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-11-13 | CVE-2012-5193 | Bitweaver | Cross-site Scripting vulnerability in Bitweaver 2.8.1 Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | 4.3 |
2019-11-13 | CVE-2019-18883 | Lavalite | Cross-site Scripting vulnerability in Lavalite 5.7.0 XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | 4.3 |
2019-11-13 | CVE-2019-18793 | Parallels | Cross-site Scripting vulnerability in Parallels Plesk Panel 9.5 Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | 4.3 |
2019-11-13 | CVE-2013-3516 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens. | 4.3 |
2019-11-13 | CVE-2019-16950 | Enghouse | Cross-site Scripting vulnerability in Enghouse web Chat 6.1.300.31/6.2.284.34 An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. | 4.3 |
2019-11-13 | CVE-2010-4532 | Debian Offlineimap | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | 4.3 |
2019-11-13 | CVE-2014-8167 | Redhat | Improper Certificate Validation vulnerability in Redhat products vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack | 4.3 |
2019-11-13 | CVE-2012-4385 | Trilexnet Debian | Cross-Site Request Forgery (CSRF) vulnerability in multiple products letodms 3.3.6 has CSRF via change password | 4.3 |
2019-11-13 | CVE-2014-3655 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise web Server and Keycloak JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 4.3 |
2019-11-13 | CVE-2014-3592 | Redhat | Cross-site Scripting vulnerability in Redhat Openshift Origin OpenShift Origin: Improperly validated team names could allow stored XSS attacks | 4.3 |
2019-11-13 | CVE-2012-4384 | Trilexnet Debian | Cross-site Scripting vulnerability in multiple products letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | 4.3 |
2019-11-13 | CVE-2019-5279 | Huawei | Unspecified vulnerability in Huawei Emily-L29C Firmware Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. | 4.3 |
2019-11-13 | CVE-2019-5230 | Huawei | Improper Input Validation vulnerability in Huawei Mate RS Firmware, P20 Firmware and P20 PRO Firmware P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. | 4.3 |
2019-11-12 | CVE-2010-3857 | Redhat | Cross-site Scripting vulnerability in Redhat Jboss Business Rules Management System JBoss BRMS before 5.1.0 has an XSS vulnerability via asset=UUID parameter. | 4.3 |
2019-11-12 | CVE-2010-3299 | Rubyonrails Debian | Missing Encryption of Sensitive Data vulnerability in multiple products The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | 4.3 |
2019-11-12 | CVE-2019-17332 | Tibco | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. | 4.3 |
2019-11-12 | CVE-2019-17330 | Tibco | Cross-site Scripting vulnerability in Tibco EBX The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. | 4.3 |
2019-11-12 | CVE-2019-1446 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-1442 | Microsoft | Origin Validation Error vulnerability in Microsoft Sharepoint Server 2019 A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-1439 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-1432 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-1413 | Microsoft | Origin Validation Error vulnerability in Microsoft Edge A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-1411 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-1374 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 4.3 |
2019-11-12 | CVE-2019-18926 | Systematicinc | Cross-site Scripting vulnerability in Systematicinc Iris Standards Management 2.1 Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). | 4.3 |
2019-11-12 | CVE-2019-17236 | Getigniteup | Cross-site Scripting vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | 4.3 |
2019-11-12 | CVE-2014-3599 | Redhat | XXE vulnerability in Redhat Hornetq HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | 4.3 |
2019-11-12 | CVE-2011-3370 | Status | Cross-site Scripting vulnerability in Status Statusnet 0.9.6/1.0.0 statusnet before 0.9.9 has XSS | 4.3 |
2019-11-12 | CVE-2011-2935 | Elgg | Cross-site Scripting vulnerability in Elgg Elgg through 1.7.10 has XSS | 4.3 |
2019-11-12 | CVE-2019-18882 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | 4.3 |
2019-11-12 | CVE-2019-18881 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | 4.3 |
2019-11-11 | CVE-2019-18853 | Imagemagick | Uncontrolled Recursion vulnerability in Imagemagick ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | 4.3 |
2019-11-15 | CVE-2019-6662 | F5 | Information Exposure Through Log Files vulnerability in F5 products On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. | 4.0 |
2019-11-14 | CVE-2019-11179 | Intel | Improper Input Validation vulnerability in Intel Baseboard Management Controller Firmware Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | 4.0 |
2019-11-14 | CVE-2012-1161 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | 4.0 |
2019-11-14 | CVE-2012-1160 | Moodle Fedoraproject | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | 4.0 |
2019-11-14 | CVE-2012-1159 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Overview report allows users to see hidden courses | 4.0 |
2019-11-14 | CVE-2012-1158 | Moodle Fedoraproject | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 4.0 |
2019-11-14 | CVE-2012-1157 | Moodle Fedoraproject | Incorrect Default Permissions vulnerability in multiple products Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 4.0 |
2019-11-13 | CVE-2019-0393 | SAP | SQL Injection vulnerability in SAP Quality Management An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | 4.0 |
2019-11-13 | CVE-2019-0391 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Java Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 4.0 |
2019-11-13 | CVE-2019-0390 | SAP | Information Exposure vulnerability in SAP Diagnostics Agent 7.2 Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. | 4.0 |
2019-11-13 | CVE-2019-16949 | Enghouse | Improper Input Validation vulnerability in Enghouse web Chat 6.1.300.31/6.2.284.34 An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. | 4.0 |
2019-11-13 | CVE-2019-5293 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Some Huawei products have a memory leak vulnerability when handling some messages. | 4.0 |
2019-11-12 | CVE-2010-3439 | COR Entertainment Debian Fedoraproject | Improper Input Validation vulnerability in multiple products It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 4.0 |
2019-11-12 | CVE-2019-1443 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes. The security update addresses the vulnerability by correcting how SharePoint checks file content, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | 4.0 |
2019-11-12 | CVE-2019-15815 | Zyxel | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3) ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 4.0 |
118 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-11-14 | CVE-2019-11173 | Intel | Session Fixation vulnerability in Intel Baseboard Management Controller Firmware Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | 3.6 |
2019-11-14 | CVE-2019-11155 | Intel | Incorrect Default Permissions vulnerability in Intel Proset/Wireless Wifi Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 3.6 |
2019-11-14 | CVE-2019-11154 | Intel | Incorrect Default Permissions vulnerability in Intel Proset/Wireless Wifi Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 3.6 |
2019-11-13 | CVE-2010-4817 | Pithos Project Debian | Link Following vulnerability in multiple products pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | 3.6 |
2019-11-12 | CVE-2019-4652 | IBM | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. | 3.6 |
2019-11-14 | CVE-2019-18649 | Untangle | Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | 3.5 |
2019-11-14 | CVE-2019-18648 | Untangle | Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | 3.5 |
2019-11-13 | CVE-2019-0385 | SAP | Cross-site Scripting vulnerability in SAP Enable NOW 1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2019-11-13 | CVE-2019-0382 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. | 3.5 |
2019-11-13 | CVE-2013-4275 | ZEN Project | Cross-site Scripting vulnerability in ZEN Project ZEN Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | 3.5 |
2019-11-13 | CVE-2013-3517 | Netgear | Cross-site Scripting vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 3.5 |
2019-11-13 | CVE-2019-17524 | Technicolor | Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20 An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. | 3.5 |
2019-11-13 | CVE-2019-17523 | Technicolor | Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20 An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | 3.5 |
2019-11-12 | CVE-2019-17331 | Tibco | Cross-site Scripting vulnerability in Tibco EBX Add-Ons 3.20.13/4.1.0 The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. | 3.5 |
2019-11-13 | CVE-2019-3420 | ZTE | Unspecified vulnerability in ZTE Zxhn H108N Firmware 2.5.0Eg1T5Ted All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. | 3.3 |
2019-11-12 | CVE-2010-3440 | Babiloo Project Debian | Download of Code Without Integrity Check vulnerability in multiple products babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | 3.3 |
2019-11-12 | CVE-2010-3095 | Mailscanner | Link Following vulnerability in Mailscanner mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. | 3.3 |
2019-11-12 | CVE-2011-5271 | Clusterlabs | Link Following vulnerability in Clusterlabs Pacemaker Pacemaker before 1.1.6 configure script creates temporary files insecurely | 3.3 |
2019-11-15 | CVE-2011-2916 | Qtnx Project | Cleartext Storage of Sensitive Information vulnerability in Qtnx Project Qtnx 0.9 qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. | 2.1 |
2019-11-15 | CVE-2019-12756 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights. | 2.1 |
2019-11-14 | CVE-2019-17391 | Espressif | Improper Handling of Exceptional Conditions vulnerability in Espressif products An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. | 2.1 |
2019-11-14 | CVE-2019-0150 | Intel | Unspecified vulnerability in Intel products Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. | 2.1 |
2019-11-14 | CVE-2019-0149 | Intel | Improper Input Validation vulnerability in Intel products Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 2.1 |
2019-11-14 | CVE-2019-0148 | Intel | Missing Release of Resource after Effective Lifetime vulnerability in Intel products Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2.1 |
2019-11-14 | CVE-2019-0147 | Intel | Improper Input Validation vulnerability in Intel products Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2.1 |
2019-11-14 | CVE-2019-0146 | Intel | Missing Release of Resource after Effective Lifetime vulnerability in Intel products Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 2.1 |
2019-11-14 | CVE-2019-15744 | Sony | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia XZS Firmware The Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15743 | Sony | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia Touch Firmware The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15475 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A3 Firmware The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15474 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Cepheus Firmware The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15473 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15472 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15471 | MI | Unspecified vulnerability in MI MIX 2S Firmware The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. | 2.1 |
2019-11-14 | CVE-2019-15470 | MI | Unspecified vulnerability in MI Redmi Note 6 PRO Firmware The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. | 2.1 |
2019-11-14 | CVE-2019-15469 | MI | Unspecified vulnerability in MI PAD 4 Firmware The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. | 2.1 |
2019-11-14 | CVE-2019-15468 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15467 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI MIX 2S Firmware The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15466 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Redmi 6 PRO Firmware The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15431 | Evercoss | Unspecified vulnerability in Evercoss U50A MAX Firmware The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. | 2.1 |
2019-11-14 | CVE-2019-15430 | Bluboo D3 PRO Project | Unspecified vulnerability in Bluboo D3 PRO Project Bluboo D3 PRO Firmware The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. | 2.1 |
2019-11-14 | CVE-2019-15428 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Note 2 Firmware The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15427 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI MIX Firmware The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15426 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI 5S Plus Firmware The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15425 | Katadigital | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Katadigital M4S Firmware The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15424 | Doogee | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee Bl5000 Firmware The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15423 | Bluboo S1 Project | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Bluboo S1 Project Blueboo S1 Firmware The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15422 | Doogee | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee MIX Firmware The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15421 | Blackview | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv7000 PRO Firmware The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15420 | Blackview | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv9000Pro-F Firmware The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15415 | MI | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Redmi 5 Firmware The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15393 | Asus | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Zenfone Live (L1) Firmware The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. | 2.1 |
2019-11-14 | CVE-2019-15392 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15391 | Asus | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15390 | Haier G8 Project | Unspecified vulnerability in Haier G8 Project Haier G8 Firmware The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15387 | Archos | Missing Authorization vulnerability in Archos Core 101 Firmware The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15386 | Lavamobiles | Missing Authorization vulnerability in Lavamobiles Z60S Firmware The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15385 | Infinixmobility | Unspecified vulnerability in Infinixmobility Note 5 Firmware The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15384 | Elephone | Unspecified vulnerability in Elephone A4 Firmware The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15383 | Allviewmobile | Unspecified vulnerability in Allviewmobile Soul X5 Firmware The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15382 | Cubot | Unspecified vulnerability in Cubot Nova Firmware The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15381 | BQ | Unspecified vulnerability in BQ 5515L Firmware The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15380 | FLY Phone | Unspecified vulnerability in Fly-Phone Photo PRO Firmware The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15379 | Waltonbd | Unspecified vulnerability in Waltonbd Primo G3 Firmware The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15378 | Panasonic | Unspecified vulnerability in Panasonic Eluga RAY 600 Firmware The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15377 | Cherrymobile | Unspecified vulnerability in Cherrymobile Flare S7 Firmware The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15376 | Panasonic | Unspecified vulnerability in Panasonic Eluga RAY 530 Firmware The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15375 | Haier | Unspecified vulnerability in Haier G8 Firmware The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15374 | Lavamobiles | Unspecified vulnerability in Lavamobiles Iris 88 Lite Firmware The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15373 | Symphony Mobile | Unspecified vulnerability in Symphony-Mobile I95 Lite Firmware The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15372 | Hisense | Unspecified vulnerability in Hisense Infinity F17 Firmware The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15371 | Symphony Mobile | Unspecified vulnerability in Symphony-Mobile G100 Firmware The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15370 | Haier G8 Project | Unspecified vulnerability in Haier G8 Project Haier G8 Firmware The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15369 | Lavamobiles | Unspecified vulnerability in Lavamobiles Z61 Turbo Firmware The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15368 | Coolpad | Unspecified vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15367 | Haier | Unspecified vulnerability in Haier P10 Firmware The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15366 | Infinixmobility | Unspecified vulnerability in Infinixmobility Note 5 Firmware The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15365 | Lavamobiles | Unspecified vulnerability in Lavamobiles Z92 Firmware The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15364 | Dexp | Unspecified vulnerability in Dexp Bl250 Firmware The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15363 | Leagoo | Unspecified vulnerability in Leagoo Power 5 Firmware The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15362 | Lavamobiles | Unspecified vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15361 | Infinixmobility | Unspecified vulnerability in Infinixmobility Note 5 Firmware The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15360 | Hisense | Unspecified vulnerability in Hisense Infinity U965 Firmware The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15359 | Haier | Unspecified vulnerability in Haier A6 Firmware The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15358 | Dexp | Unspecified vulnerability in Dexp Z250 Firmware The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15357 | Advandigital | Unspecified vulnerability in Advandigital I6A Firmware The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15356 | Lavamobiles | Unspecified vulnerability in Lavamobiles Flair Z1 Firmware The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15355 | Tecno Mobile | Unspecified vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15354 | Ulefone | Unspecified vulnerability in Ulefone Armor 5 Firmware The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15353 | Coolpad | Unspecified vulnerability in Coolpad N3C Firmware The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15352 | Coolpad | Unspecified vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-14 | CVE-2019-15340 | MI | Incorrect Permission Assignment for Critical Resource vulnerability in MI Redmi 6 Firmware The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15339 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z60S Firmware The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15338 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15337 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z81 Firmware The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15336 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15335 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z92 Firmware The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15334 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15333 | Lavamobiles | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Flair Z1 Firmware The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-15332 | Lavamobiles | Improper Privilege Management vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2.1 |
2019-11-14 | CVE-2019-18885 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. | 2.1 |
2019-11-14 | CVE-2011-1490 | Rsyslog Debian Opensuse | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 2.1 |
2019-11-14 | CVE-2011-1489 | Rsyslog Opensuse Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 2.1 |
2019-11-13 | CVE-2019-2197 | Google | Improper Privilege Management vulnerability in Google Android In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. | 2.1 |
2019-11-13 | CVE-2019-5292 | Huawei | Unspecified vulnerability in Huawei products Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. | 2.1 |
2019-11-13 | CVE-2019-5231 | Huawei | Incorrect Authorization vulnerability in Huawei P30 Firmware P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. | 2.1 |
2019-11-12 | CVE-2010-4177 | Oracle Fedoraproject | Cleartext Transmission of Sensitive Information vulnerability in multiple products mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 2.1 |
2019-11-12 | CVE-2010-3292 | Mailscanner | Missing Encryption of Sensitive Data vulnerability in Mailscanner 4.79.112 The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | 2.1 |
2019-11-12 | CVE-2019-1440 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1436 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1418 | Microsoft | Information Exposure vulnerability in Microsoft products An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1412 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1409 | Microsoft | Improper Initialization vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1402 | Microsoft | Information Exposure vulnerability in Microsoft Office and Office 365 An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1382 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1381 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | 2.1 |
2019-11-12 | CVE-2019-1370 | Microsoft | Information Exposure vulnerability in Microsoft Open Enclave Software Development KIT An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 2.1 |
2019-11-14 | CVE-2011-1488 | Rsyslog Opensuse Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when $RepeatedMsgReduction was enabled. | 1.9 |
2019-11-12 | CVE-2019-5213 | Huawei | Improper Authentication vulnerability in Huawei Honor Play Firmware 9.1.0.333(C00E333R1P1T8)/Cornellal00A9.0.0.156(C00E156R1P13T8) Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. | 1.9 |