Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5297 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone. | |||||
| CVE-2019-5264 | 1 Huawei | 20 Changxiang 7s, Changxiang 7s Firmware, Changxiang 8 Plus and 17 more | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure. | |||||
| CVE-2019-5265 | 1 Huawei | 2 P30, P30 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage. | |||||
| CVE-2019-5267 | 1 Huawei | 2 Oceanstor Sns3096, Oceanstor Sns3096 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure. | |||||
| CVE-2019-5269 | 1 Huawei | 44 Cd10-10, Cd10-10 Firmware, Cd16-10 and 41 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. | |||||
| CVE-2019-5271 | 1 Huawei | 2 Myna, Myna Firmware | 2020-08-24 | 4.8 MEDIUM | 5.4 MEDIUM |
| There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations. | |||||
| CVE-2019-5295 | 1 Huawei | 2 Honor View 10, Honor View 10 Firmware | 2020-08-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. | |||||
| CVE-2019-5277 | 1 Huawei | 2 Cloudusm-eua, Cloudusm-eua Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation. | |||||
| CVE-2019-5279 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. | |||||
| CVE-2019-5281 | 1 Huawei | 2 Y9 2019, Y9 2019 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations. | |||||
| CVE-2019-5283 | 1 Huawei | 2 P20, P20 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed. | |||||
| CVE-2019-5292 | 1 Huawei | 6 Honor 10 Lite, Honor 10 Lite Firmware, Honor 8a and 3 more | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. | |||||
| CVE-2019-5301 | 1 Huawei | 2 Honor V20, Honor V20 Firmware | 2020-08-24 | 4.3 MEDIUM | 3.3 LOW |
| Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. | |||||
| CVE-2019-5306 | 1 Huawei | 2 P20, P20 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone. | |||||
| CVE-2019-5308 | 1 Huawei | 2 Mate 20 Rs, Mate 20 Rs Firmware | 2020-08-24 | 2.1 LOW | 2.4 LOW |
| Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. | |||||
| CVE-2019-5322 | 1 Arubanetworks | 14 2530 10\/100 Port, 2530 10\/100 Port Firmware, 2530 With Gigt Port and 11 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions. | |||||
| CVE-2019-5338 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5339 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5340 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5341 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5347 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5368 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5369 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5374 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5375 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5376 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5392 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5393 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 6.8 MEDIUM | 4.3 MEDIUM |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5394 | 1 Hp | 3 Blade Maintenance Entity, Integrated Maintenance Entity, Maintenance Entity | 2020-08-24 | 4.9 MEDIUM | 5.1 MEDIUM |
| The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration. | |||||
| CVE-2019-5396 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2020-08-24 | 9.7 HIGH | 9.4 CRITICAL |
| A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2019-5399 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2020-08-24 | 9.7 HIGH | 9.4 CRITICAL |
| A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2019-5402 | 1 Hp | 1 3par Storeserv Management Console | 2020-08-24 | 10.0 HIGH | 9.4 CRITICAL |
| A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2019-5405 | 1 Hp | 1 3par Storeserv Management Console | 2020-08-24 | 5.0 MEDIUM | 7.3 HIGH |
| A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2019-5407 | 1 Hp | 1 3par Storeserv Management Console | 2020-08-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2019-5408 | 1 Hp | 3 Xp7 Device Manager, Xp7 Replication Manager, Xp7 Tiered Storage Manager | 2020-08-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. | |||||
| CVE-2019-5511 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2020-08-24 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege. | |||||
| CVE-2019-5512 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2020-08-24 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege. | |||||
| CVE-2019-5513 | 2 Microsoft, Vmware | 2 Windows, Horizon | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. | |||||
| CVE-2019-5491 | 1 Netapp | 1 Clustered Data Ontap | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | |||||
| CVE-2019-5492 | 1 Netapp | 2 Element Plug-in For Vcenter Server, Hyper Converged Infrastructure Compute Node | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. | |||||
| CVE-2019-5493 | 1 Netapp | 1 Data Ontap | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | |||||
| CVE-2019-5498 | 1 Netapp | 1 Oncommand Insight | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. | |||||
| CVE-2019-5501 | 1 Netapp | 1 Data Ontap | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | |||||
| CVE-2019-5507 | 1 Netapp | 1 Snapmanager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | |||||
| CVE-2019-5585 | 1 Forticlient | 1 Forticlient | 2020-08-24 | 3.6 LOW | 6.1 MEDIUM |
| An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes. | |||||
| CVE-2019-5596 | 1 Freebsd | 1 Freebsd | 2020-08-24 | 7.2 HIGH | 8.8 HIGH |
| In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. | |||||
| CVE-2019-5616 | 1 Broadcastboxes | 2 Scion-8, Scion-8 Firmware | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser. | |||||
| CVE-2019-5689 | 1 Nvidia | 1 Geforce Experience | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. | |||||
| CVE-2019-5697 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-08-24 | 3.6 LOW | 7.1 HIGH |
| NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. | |||||
| CVE-2019-5766 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||