Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13685 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13686 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13687 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13688 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13694 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13696 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-13760 | 1 Moneychainnettoken Project | 1 Moneychainnettoken | 2019-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-14005 | 1 Malaysiancoin Project | 1 Malaysiancoin | 2019-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-13916 | 1 Qualcomm | 110 Apq8009, Apq8009 Firmware, Apq8017 and 107 more | 2019-11-26 | 7.2 HIGH | 7.8 HIGH |
| Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | |||||
| CVE-2019-13693 | 1 Google | 1 Chrome | 2019-11-26 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-10486 | 1 Qualcomm | 72 Apq8009, Apq8009 Firmware, Apq8017 and 69 more | 2019-11-26 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 | |||||
| CVE-2019-10503 | 1 Qualcomm | 54 Apq8009, Apq8009 Firmware, Apq8017 and 51 more | 2019-11-26 | 4.6 MEDIUM | 7.8 HIGH |
| Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, SDA660, SDM450, SDM630, SDM636, SDM660, SDX20 | |||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2019-11-26 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | |||||
| CVE-2019-13695 | 1 Google | 1 Chrome | 2019-11-26 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-2315 | 1 Qualcomm | 86 Apq8009, Apq8009 Firmware, Apq8017 and 83 more | 2019-11-25 | 7.2 HIGH | 7.8 HIGH |
| While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130 | |||||
| CVE-2012-2350 | 2 Debian, Pam Shield Project | 2 Debian Linux, Pam Shield | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| pam_shield before 0.9.4: Default configuration does not perform protective action | |||||
| CVE-2012-3407 | 1 Plow Project | 1 Plow | 2019-11-25 | 4.6 MEDIUM | 7.8 HIGH |
| plow has local buffer overflow vulnerability | |||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |||||
| CVE-2019-2329 | 1 Qualcomm | 26 Mdm9205, Mdm9205 Firmware, Qcs404 and 23 more | 2019-11-25 | 7.2 HIGH | 7.8 HIGH |
| Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | |||||
| CVE-2018-14006 | 1 Ngtoken Project | 1 Ngtoken | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-13781 | 1 Myylctoken Project | 1 Myylctoken | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2015-2156 | 3 Lightbend, Netty, Playframework | 3 Play Framework, Netty, Play Framework | 2019-11-25 | 4.3 MEDIUM | 7.5 HIGH |
| Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. | |||||
| CVE-2018-13864 | 2 Lightbend, Microsoft | 2 Play Framework, Windows | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. | |||||
| CVE-2019-2126 | 1 Google | 1 Android | 2019-11-25 | 9.3 HIGH | 8.8 HIGH |
| In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. | |||||
| CVE-2019-15419 | 1 Asus | 2 X105d, X105d Firmware | 2019-11-25 | 7.2 HIGH | 7.8 HIGH |
| The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| rc before 1.7.1-5 insecurely creates temporary files. | |||||
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| Gamera before 3.4.1 insecurely creates temporary files. | |||||
| CVE-2019-10566 | 1 Qualcomm | 52 Apq8017, Apq8017 Firmware, Apq8053 and 49 more | 2019-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-16544 | 1 Qmetry | 1 Jenkins Qmetry For Jira | 2019-11-22 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | |||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle before 2.2.2 has users' private files included in course backups | |||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
| CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2019-11-22 | 6.4 MEDIUM | 8.2 HIGH |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | |||||
| CVE-2011-4967 | 2 Openpegasus, Redhat | 2 Tog-pegasus, Enterprise Linux | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| tog-Pegasus has a package hash collision DoS vulnerability | |||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2019-11-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | |||||
| CVE-2019-4561 | 1 Ibm | 1 Security Identity Manager | 2019-11-22 | 9.3 HIGH | 8.8 HIGH |
| IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456. | |||||
| CVE-2015-3167 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | |||||
| CVE-2019-6852 | 1 Schneider-electric | 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | |||||
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| trytond 2.4: ModelView.button fails to validate authorization | |||||
| CVE-2012-6070 | 1 Falconpl | 1 Falconpl | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks. | |||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | |||||
| CVE-2019-11137 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2019-11-22 | 4.6 MEDIUM | 8.2 HIGH |
| Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-6186 | 1 Lenovo | 1 System Interface Foundation | 2019-11-22 | 6.5 MEDIUM | 8.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | |||||
| CVE-2019-6189 | 1 Lenovo | 1 System Interface Foundation | 2019-11-22 | 4.4 MEDIUM | 7.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | |||||
| CVE-2019-16548 | 1 Jenkins | 1 Google Compute Engine | 2019-11-22 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | |||||
| CVE-2019-6176 | 1 Lenovo | 2 Thinkpad Usb-c Dock, Thinkpad Usb-c Dock Firmware | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | |||||
| CVE-2019-3688 | 1 Suse | 1 Suse Linux Enterprise Server | 2019-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary | |||||
| CVE-2019-18986 | 1 Pimcore | 1 Pimcore | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. | |||||
| CVE-2019-15799 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2019-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. | |||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | |||||