Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5271 | 1 Huawei | 2 Myna, Myna Firmware | 2020-08-24 | 4.8 MEDIUM | 5.4 MEDIUM |
| There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations. | |||||
| CVE-2019-5279 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. | |||||
| CVE-2019-5281 | 1 Huawei | 2 Y9 2019, Y9 2019 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations. | |||||
| CVE-2019-5283 | 1 Huawei | 2 P20, P20 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed. | |||||
| CVE-2019-5295 | 1 Huawei | 2 Honor View 10, Honor View 10 Firmware | 2020-08-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. | |||||
| CVE-2019-5297 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone. | |||||
| CVE-2019-5306 | 1 Huawei | 2 P20, P20 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone. | |||||
| CVE-2019-5307 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2020-08-24 | 4.3 MEDIUM | 4.2 MEDIUM |
| Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) | |||||
| CVE-2019-5309 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. | |||||
| CVE-2019-5314 | 1 Arubanetworks | 1 Arubaos | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | |||||
| CVE-2019-5392 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5393 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 6.8 MEDIUM | 4.3 MEDIUM |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5394 | 1 Hp | 3 Blade Maintenance Entity, Integrated Maintenance Entity, Maintenance Entity | 2020-08-24 | 4.9 MEDIUM | 5.1 MEDIUM |
| The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration. | |||||
| CVE-2019-5407 | 1 Hp | 1 3par Storeserv Management Console | 2020-08-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2019-5408 | 1 Hp | 3 Xp7 Device Manager, Xp7 Replication Manager, Xp7 Tiered Storage Manager | 2020-08-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. | |||||
| CVE-2019-5489 | 2 Linux, Netapp | 3 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | |||||
| CVE-2019-5696 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. | |||||
| CVE-2019-5698 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. | |||||
| CVE-2019-5719 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. | |||||
| CVE-2019-5765 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Android and 4 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. | |||||
| CVE-2019-5766 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-5767 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Android and 4 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | |||||
| CVE-2019-5768 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | |||||
| CVE-2019-5779 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2019-5804 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. | |||||
| CVE-2019-5805 | 3 Fedoraproject, Google, Opensuse | 3 Fedora, Chrome, Leap | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2019-5810 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-5814 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-5818 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | |||||
| CVE-2019-5825 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5826 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-8107 | 1 Magento | 1 Magento | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion. | |||||
| CVE-2019-8123 | 1 Magento | 1 Magento | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes. | |||||
| CVE-2019-8133 | 1 Magento | 1 Magento | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service. | |||||
| CVE-2019-8232 | 1 Magento | 1 Magento | 2020-08-24 | 6.0 MEDIUM | 6.6 MEDIUM |
| In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. | |||||
| CVE-2019-8235 | 1 Magento | 1 Magento | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input. | |||||
| CVE-2019-8350 | 1 Simple | 1 Better Banking | 2020-08-24 | 2.1 LOW | 6.8 MEDIUM |
| The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password. | |||||
| CVE-2019-8354 | 1 Sound Exchange Project | 1 Sound Exchange | 2020-08-24 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | |||||
| CVE-2019-8355 | 1 Sound Exchange Project | 1 Sound Exchange | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | |||||
| CVE-2019-8356 | 1 Sound Exchange Project | 1 Sound Exchange | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | |||||
| CVE-2019-5842 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5847 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5848 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-5855 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2019-5857 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | |||||
| CVE-2019-5860 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2019-5868 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2019-5869 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5872 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5892 | 1 Frrouting | 1 Frrouting | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed. | |||||