| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
601 |
CVE-2019-1552 |
295 |
|
|
2019-07-30 |
2021-07-31 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). |
|
602 |
CVE-2019-1573 |
311 |
|
|
2019-04-09 |
2021-09-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. |
|
603 |
CVE-2019-1677 |
79 |
|
Exec Code XSS |
2019-02-07 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected. |
|
604 |
CVE-2019-2088 |
125 |
|
|
2020-03-15 |
2020-03-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-143895055 |
|
605 |
CVE-2019-2389 |
20 |
|
|
2019-08-30 |
2020-09-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. |
|
606 |
CVE-2019-2525 |
|
|
|
2019-01-16 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). |
|
607 |
CVE-2019-2535 |
|
|
|
2019-01-16 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
608 |
CVE-2019-2634 |
|
|
|
2019-04-23 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). |
|
609 |
CVE-2019-2745 |
|
|
Exec Code |
2019-07-23 |
2022-05-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|
610 |
CVE-2019-2850 |
|
|
DoS |
2019-07-23 |
2021-02-16 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). |
|
611 |
CVE-2019-3016 |
362 |
|
|
2020-01-31 |
2020-06-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. |
|
612 |
CVE-2019-3422 |
200 |
|
+Info |
2019-11-07 |
2020-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. |
|
613 |
CVE-2019-3606 |
312 |
|
+Info |
2019-03-26 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. |
|
614 |
CVE-2019-3687 |
276 |
|
|
2020-01-24 |
2020-03-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. |
|
615 |
CVE-2019-3767 |
312 |
|
|
2019-10-14 |
2020-10-16 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. |
|
616 |
CVE-2019-3832 |
125 |
|
|
2019-03-21 |
2020-10-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. |
|
617 |
CVE-2019-3901 |
667 |
|
Bypass |
2019-04-22 |
2020-12-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. |
|
618 |
CVE-2019-3998 |
287 |
|
Bypass |
2020-02-13 |
2020-02-25 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. |
|
619 |
CVE-2019-4299 |
532 |
|
+Info |
2019-07-01 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. |
|
620 |
CVE-2019-5213 |
287 |
|
|
2019-11-12 |
2019-11-15 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. |
|
621 |
CVE-2019-6648 |
532 |
|
|
2019-09-04 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. |
|
622 |
CVE-2019-8757 |
362 |
|
|
2019-12-18 |
2019-12-26 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics. |
|
623 |
CVE-2019-9235 |
125 |
|
|
2019-09-27 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053 |
|
624 |
CVE-2019-9236 |
125 |
|
|
2019-09-27 |
2019-10-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122322613 |
|
625 |
CVE-2019-9239 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487 |
|
626 |
CVE-2019-9240 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121150966 |
|
627 |
CVE-2019-9242 |
125 |
|
|
2019-09-27 |
2019-10-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121035878 |
|
628 |
CVE-2019-9244 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977 |
|
629 |
CVE-2019-9246 |
125 |
|
|
2019-09-27 |
2019-10-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120428637 |
|
630 |
CVE-2019-9251 |
125 |
|
|
2019-09-27 |
2019-10-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120274615 |
|
631 |
CVE-2019-9296 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112162089 |
|
632 |
CVE-2019-9344 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120845341 |
|
633 |
CVE-2019-9356 |
125 |
|
|
2019-09-27 |
2019-10-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111699773 |
|
634 |
CVE-2019-9383 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120843827 |
|
635 |
CVE-2019-9421 |
125 |
|
Overflow |
2019-09-27 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250 |
|
636 |
CVE-2019-10210 |
522 |
|
|
2019-10-29 |
2021-10-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. |
|
637 |
CVE-2019-11191 |
362 |
|
Bypass |
2019-04-12 |
2019-06-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported. |
|
638 |
CVE-2019-11244 |
732 |
|
|
2019-04-22 |
2020-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. |
|
639 |
CVE-2019-11288 |
|
|
|
2020-01-27 |
2021-11-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance. |
|
640 |
CVE-2019-11482 |
367 |
|
|
2020-02-08 |
2020-02-12 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. |
|
641 |
CVE-2019-12400 |
20 |
|
|
2019-08-23 |
2022-04-13 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. |
|
642 |
CVE-2019-12762 |
|
|
|
2019-06-06 |
2021-03-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. |
|
643 |
CVE-2019-14353 |
200 |
|
+Info |
2019-08-08 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices. |
|
644 |
CVE-2019-14354 |
200 |
|
+Info |
2019-08-10 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. |
|
645 |
CVE-2019-14355 |
200 |
|
+Info |
2019-08-10 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover secret data shown on the display. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is "insignificant risk." |
|
646 |
CVE-2019-14357 |
200 |
|
+Info |
2019-08-10 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that an attack is not "realistically implementable." |
|
647 |
CVE-2019-14358 |
200 |
|
+Info |
2019-11-02 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. |
|
648 |
CVE-2019-14360 |
200 |
|
+Info |
2019-11-02 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. |
|
649 |
CVE-2019-14615 |
200 |
|
+Info |
2020-01-17 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. |
|
650 |
CVE-2019-14759 |
74 |
|
|
2020-09-14 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. |
