Uncategorized CVEs — 2019 (Page 2/22)

2019-12-10

Medium

CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13749

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13746

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13745

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13743

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13742

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13739

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13672

Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.

CVSS: 6.5CWE: N/A

High

CVE-2019-6183

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo E…

CVSS: 7.5CWE: N/A

2019-12-09

High

CVE-2019-19603

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

CVSS: 7.5CWE: N/A

Medium

CVE-2015-1853

chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (i…

CVSS: 6.5CWE: N/A

2019-12-06

High

CVE-2019-2221

In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could le…

CVSS: 7.8CWE: N/A

Medium

CVE-2019-2220

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additio…

CVSS: 5.5CWE: N/A

High

CVE-2019-12733

SiteVision 4 allows Remote Code Execution.

CVSS: 8.8CWE: N/A

Critical

CVE-2019-19617

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

CVSS: 9.8CWE: N/A

2019-12-05

Medium

CVE-2019-19546

Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an ac…

CVSS: 6.5CWE: N/A

High

CVE-2019-17387

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

CVSS: 7.8CWE: N/A

2019-12-03

High

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

CVSS: 8.8CWE: N/A

Medium

CVE-2019-3666

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a c…

CVSS: 6.5CWE: N/A

2019-12-02

High

CVE-2019-12391

The Anviz Management System for access control has insufficient logging for device events such as door open requests.

CVSS: 7.5CWE: N/A

Critical

CVE-2019-15631

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

CVSS: 9.8CWE: N/A

2019-11-29

Low

CVE-2019-5308

Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successf…

CVSS: 2.4CWE: N/A

Medium

CVE-2019-5271

There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can expl…

CVSS: 5.4CWE: N/A

High

CVE-2019-5269

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious file…

CVSS: 7.8CWE: N/A

Medium

CVE-2019-5211

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on…

CVSS: 5.7CWE: N/A

2019-11-28

Medium

CVE-2019-19379

In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.

CVSS: 5.3CWE: N/A

2019-11-27

High

CVE-2019-6673

On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Managemen…

CVSS: 7.5CWE: N/A

High

CVE-2019-6672

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-…

CVSS: 7.5CWE: N/A

High

CVE-2019-6669

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.

CVSS: 7.5CWE: N/A

High

CVE-2019-6666

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.

CVSS: 7.5CWE: N/A

Critical

CVE-2019-6665

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device comm…

CVSS: 9.4CWE: N/A

High

CVE-2019-6674

On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration.

CVSS: 7.5CWE: N/A

High

CVE-2011-2177

OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.

CVSS: 7.8CWE: N/A

2019-11-26

Medium

CVE-2019-18448

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-15845

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

CVSS: 6.5CWE: N/A

Critical

CVE-2019-12523

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go t…

CVSS: 9.1CWE: N/A

Medium

CVE-2019-15687

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection compon…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-15686

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection compon…

CVSS: 4.3CWE: N/A

Medium

CVE-2019-15685

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection compon…

CVSS: 4.3CWE: N/A

Medium

CVE-2019-15996

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulner…

CVSS: 6.7CWE: CWE-264

Medium

CVE-2019-15960

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit t…

CVSS: 5.4CWE: CWE-264

2019-11-25

High

CVE-2019-15629

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party app…

CVSS: 7.5CWE: N/A

High

CVE-2019-19244

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

CVSS: 7.5CWE: N/A

Medium

CVE-2019-4406

IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477.

CVSS: 4.4CWE: N/A

Medium

CVE-2019-15684

Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-5875

Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A

High

CVE-2019-5874

Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 8.8CWE: N/A

Medium

CVE-2019-5873

Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A

High

CVE-2019-5859

Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 8.8CWE: N/A

Medium

CVE-2019-13718

Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13713

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13711

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 5.3CWE: N/A

Medium

CVE-2019-13710

Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13691

Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13680

Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.

CVSS: 5.3CWE: N/A

Medium

CVE-2019-13678

Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-13674

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13671

UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13669

Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13667

Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13663

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13661

UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-13660

UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

CVSS: 5.3CWE: N/A

Medium

CVE-2019-13659

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 4.3CWE: N/A

2019-11-22

Medium

CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose…

CVSS: 6.8CWE: N/A

Medium

CVE-2019-4243

IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-F…

CVSS: 4.4CWE: N/A

Medium

CVE-2019-3428

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ informatio…

CVSS: 6.5CWE: N/A

2019-11-21

Critical

CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an…

CVSS: 9.8CWE: N/A

Critical

CVE-2019-18349

HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.

CVSS: 9.8CWE: N/A

High

CVE-2019-16405

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location setting…

CVSS: 7.2CWE: N/A

High

CVE-2019-17272

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.

CVSS: 7.2CWE: N/A

High

CVE-2019-2315

While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit…

CVSS: 7.8CWE: N/A

High

CVE-2019-10617

Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377

CVSS: 7.8CWE: N/A

2019-11-20

Medium

CVE-2019-4530

IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.

CVSS: 6.5CWE: N/A

High

CVE-2019-5542

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with no…

CVSS: 7.7CWE: N/A

Critical

CVE-2016-9652

Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.

CVSS: 9.8CWE: N/A

Critical

CVE-2016-5194

Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.

CVSS: 9.8CWE: N/A

High

CVE-2019-6191

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

CVSS: 7.8CWE: N/A

High

CVE-2019-6186

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.

CVSS: 8.8CWE: N/A

High

CVE-2019-6184

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.

CVSS: 7.8CWE: N/A

High

CVE-2019-6176

A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.

CVSS: 7.5CWE: N/A

2019-11-18

High

CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

CVSS: 7.5CWE: N/A

Medium

CVE-2019-18373

Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps o…

CVSS: 5.6CWE: N/A

High

CVE-2019-3424

authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browse…

CVSS: 8.2CWE: N/A

Medium

CVE-2019-5688

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which auth…

CVSS: 6.7CWE: N/A

Critical

CVE-2011-5331

Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.

CVSS: 9.8CWE: N/A

Critical

CVE-2011-5330

Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.

CVSS: 9.8CWE: N/A

2019-11-15

High

CVE-2019-6664

On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.

CVSS: 7.5CWE: N/A

High

CVE-2019-6659

On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.

CVSS: 7.5CWE: N/A

High

CVE-2019-18372

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applic…

CVSS: 7.8CWE: N/A

High

CVE-2019-12759

Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulner…

CVSS: 7.8CWE: N/A

High

CVE-2019-12757

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to…

CVSS: 7.8CWE: N/A

Low

CVE-2019-12756

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individ…

CVSS: 2.3CWE: N/A

High

CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

CVSS: 7.5CWE: N/A

Critical

CVE-2019-14345

TemaTres 3.0 allows remote unprivileged users to create an administrator account

CVSS: 9.8CWE: N/A

Critical

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived…

CVSS: 9.8CWE: N/A

2019-11-14

High

CVE-2019-15804

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be trigg…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-0184

Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Fami…

CVSS: 5.5CWE: N/A

High

CVE-2019-0124

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 7.8CWE: N/A

High

CVE-2019-0123

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 7.8CWE: N/A

Medium

CVE-2019-0117

Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;…

CVSS: 4.4CWE: N/A

Critical

CVE-2013-4108

Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.

CVSS: 9.8CWE: N/A

Medium

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-0185

Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Int…

CVSS: 5.5CWE: N/A

High

CVE-2019-0155

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Go…

CVSS: 7.8CWE: N/A

Medium

CVE-2019-0154

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold…

CVSS: 5.5CWE: N/A

Medium

CVE-2019-0150

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access.

CVSS: 5.1CWE: N/A

High

CVE-2019-0142

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via l…

CVSS: 8.2CWE: N/A

Medium

CVE-2019-0139

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service…

CVSS: 6.7CWE: N/A

High

CVE-2019-16110

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data…

CVSS: 8.1CWE: N/A

Medium

CVE-2019-15471

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of co…

CVSS: 5.5CWE: N/A

Medium

CVE-2019-15470

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of…

CVSS: 5.5CWE: N/A

Medium

CVE-2019-15469

The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.q…

CVSS: 5.5CWE: N/A

High

CVE-2019-15465

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung…

CVSS: 7.8CWE: N/A

High

CVE-2019-15464

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.a…

CVSS: 7.8CWE: N/A

High

CVE-2019-15463

The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of…

CVSS: 7.8CWE: N/A

High

CVE-2019-15462

The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.a…

CVSS: 7.8CWE: N/A

High

CVE-2019-15461

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.and…

CVSS: 7.8CWE: N/A

High

CVE-2019-15460

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.and…

CVSS: 7.8CWE: N/A