Search
Total
2136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2020-01-15 | 4.3 MEDIUM | 3.7 LOW |
| A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | |||||
| CVE-2019-6331 | 1 Hp | 1 Samsung Mobile Print | 2020-01-15 | 2.1 LOW | 3.3 LOW |
| An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. | |||||
| CVE-2016-4980 | 3 Ethz, Fedoraproject, Redhat | 3 Xquest, Fedora, Enterprise Linux | 2020-01-09 | 1.9 LOW | 2.5 LOW |
| A password generation weakness exists in xquest through 2016-06-13. | |||||
| CVE-2019-6679 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-01-02 | 3.6 LOW | 3.3 LOW |
| On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. | |||||
| CVE-2019-20057 | 1 Proxyman | 1 Proxyman | 2020-01-02 | 4.3 MEDIUM | 3.7 LOW |
| com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks. | |||||
| CVE-2019-8502 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-31 | 4.3 MEDIUM | 3.3 LOW |
| An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization. | |||||
| CVE-2019-8541 | 1 Apple | 2 Iphone Os, Watchos | 2019-12-30 | 2.1 LOW | 3.3 LOW |
| A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs. | |||||
| CVE-2016-4053 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
| Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. | |||||
| CVE-2016-5444 | 4 Ibm, Mariadb, Oracle and 1 more | 11 Powerkvm, Mariadb, Linux and 8 more | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | |||||
| CVE-2016-3452 | 4 Ibm, Mariadb, Oracle and 1 more | 5 Powerkvm, Mariadb, Linux and 2 more | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
| CVE-2019-5252 | 1 Huawei | 12 Enjoy 8 Plus, Enjoy 8 Plus Firmware, Honor 8x and 9 more | 2019-12-27 | 3.6 LOW | 3.5 LOW |
| There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. | |||||
| CVE-2019-8630 | 1 Apple | 1 Iphone Os | 2019-12-26 | 2.1 LOW | 3.3 LOW |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking. | |||||
| CVE-2019-8757 | 1 Apple | 1 Mac Os X | 2019-12-26 | 1.9 LOW | 2.5 LOW |
| A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics. | |||||
| CVE-2019-8698 | 1 Apple | 2 Iphone Os, Tvos | 2019-12-20 | 4.3 MEDIUM | 3.3 LOW |
| A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites. | |||||
| CVE-2019-8682 | 1 Apple | 2 Iphone Os, Watchos | 2019-12-20 | 2.1 LOW | 2.4 LOW |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen. | |||||
| CVE-2016-5429 | 1 Jose-php Project | 1 Jose-php | 2019-12-19 | 4.3 MEDIUM | 3.7 LOW |
| jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | |||||
| CVE-2019-19620 | 1 Dell | 1 Red Cloak Windows Agent | 2019-12-17 | 2.1 LOW | 3.3 LOW |
| In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. | |||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2019-12-16 | 1.9 LOW | 3.3 LOW |
| An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | |||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2019-12-16 | 2.1 LOW | 3.3 LOW |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | |||||
| CVE-2019-15919 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2019-12-11 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | |||||
| CVE-2019-13679 | 1 Google | 1 Chrome | 2019-12-03 | 4.3 MEDIUM | 3.3 LOW |
| Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. | |||||
| CVE-2019-18458 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). | |||||
| CVE-2019-15393 | 1 Asus | 2 Zenfone Live \(l1\), Zenfone Live \(l1\) Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15421 | 1 Blackview | 2 Bv7000 Pro, Bv7000 Pro Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15422 | 1 Doogee | 2 Mix, Mix Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15423 | 1 Bluboo S1 Project | 2 Blueboo S1, Blueboo S1 Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15424 | 1 Doogee | 2 Bl5000, Bl5000 Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15420 | 1 Blackview | 2 Bv9000pro-f, Bv9000pro-f Firmware | 2019-11-26 | 2.1 LOW | 3.3 LOW |
| The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15340 | 1 Mi | 2 Redmi 6, Redmi 6 Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15415 | 1 Mi | 2 Redmi 5, Redmi 5 Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15425 | 1 Katadigital | 2 M4s, M4s Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15426 | 1 Mi | 2 5s Plus, 5s Plus Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15427 | 1 Mi | 2 Mix, Mix Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15428 | 1 Mi | 2 Note 2, Note 2 Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15339 | 1 Lavamobiles | 2 Z60s, Z60s Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15338 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15337 | 1 Lavamobiles | 2 Z81, Z81 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15336 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15335 | 1 Lavamobiles | 2 Z92, Z92 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15334 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15333 | 1 Lavamobiles | 2 Flair Z1, Flair Z1 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2018-20855 | 3 Linux, Netapp, Opensuse | 6 Linux Kernel, Active Iq Performance Analytics Services, Active Iq Unified Manager and 3 more | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | |||||
| CVE-2019-15466 | 1 Mi | 2 Redmi 6 Pro, Redmi 6 Pro Firmware | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15467 | 1 Mi | 2 Mix 2s, Mix 2s Firmware | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15744 | 1 Sony | 2 Xperia Xzs, Xperia Xzs Firmware | 2019-11-19 | 2.1 LOW | 3.3 LOW |
| The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-2910 | 1 Oracle | 1 Mysql | 2019-11-18 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 2.7 LOW |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | |||||
| CVE-2019-5213 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2019-11-15 | 1.9 LOW | 2.4 LOW |
| Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. | |||||
| CVE-2019-1418 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-11-14 | 2.1 LOW | 3.3 LOW |
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | |||||
| CVE-2019-5642 | 1 Rapid7 | 1 Metasploit | 2019-11-13 | 2.1 LOW | 3.3 LOW |
| Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. | |||||