CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2051 CVE-2019-1010208 119 Exec Code Overflow 2019-07-23 2019-08-05
2.1
None Local Low Not required Partial None None
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1.
2052 CVE-2019-1003048 311 2019-03-28 2020-09-29
2.1
None Local Low Not required Partial None None
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
2053 CVE-2019-1003044 352 CSRF 2019-03-28 2020-06-23
2.1
None Remote High ??? Partial None None
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
2054 CVE-2019-1003038 522 2019-03-08 2020-09-30
2.1
None Local Low Not required Partial None None
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
2055 CVE-2019-1003017 352 2019-02-06 2019-10-09
2.6
None Remote High Not required None Partial None
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
2056 CVE-2019-25030 522 2021-05-26 2021-06-07
2.1
None Local Low Not required Partial None None
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
2057 CVE-2019-20872 918 2020-06-19 2020-06-23
2.1
None Local Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
2058 CVE-2019-20811 2020-06-03 2020-09-23
2.1
None Local Low Not required None Partial None
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
2059 CVE-2019-20808 125 DoS 2020-12-31 2021-03-31
2.1
None Local Low Not required None None Partial
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
2060 CVE-2019-20806 476 DoS 2020-05-27 2020-06-19
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
2061 CVE-2019-20795 416 2020-05-09 2020-09-10
2.1
None Local Low Not required None None Partial
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
2062 CVE-2019-20784 2020-04-17 2020-04-24
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).
2063 CVE-2019-20779 20 2020-04-17 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).
2064 CVE-2019-20776 20 2020-04-17 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).
2065 CVE-2019-20775 326 2020-04-17 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).
2066 CVE-2019-20774 200 +Info 2020-04-17 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).
2067 CVE-2019-20759 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.
2068 CVE-2019-20744 200 +Info 2020-04-16 2021-07-21
2.7
None Local Network Low ??? Partial None None
NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.
2069 CVE-2019-20743 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
2070 CVE-2019-20742 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
2071 CVE-2019-20729 20 2020-04-16 2021-07-21
2.1
None Local Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48.
2072 CVE-2019-20663 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
2073 CVE-2019-20662 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
2074 CVE-2019-20661 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
2075 CVE-2019-20652 200 +Info 2020-04-15 2021-07-21
2.1
None Local Low Not required Partial None None
NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.
2076 CVE-2019-20648 20 2020-04-15 2021-07-21
2.7
None Local Network Low ??? None Partial None
NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.
2077 CVE-2019-20647 DoS 2020-04-15 2020-04-17
2.7
None Local Network Low ??? None None Partial
NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.
2078 CVE-2019-20625 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).
2079 CVE-2019-20615 20 Bypass 2020-03-24 2021-07-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).
2080 CVE-2019-20598 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019).
2081 CVE-2019-20595 306 2020-03-24 2020-08-24
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).
2082 CVE-2019-20579 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).
2083 CVE-2019-20569 20 Bypass 2020-03-24 2021-07-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).
2084 CVE-2019-20559 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).
2085 CVE-2019-20557 20 Bypass 2020-03-24 2021-07-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).
2086 CVE-2019-20554 20 Bypass 2020-03-24 2021-07-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).
2087 CVE-2019-20550 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019).
2088 CVE-2019-20543 Bypass 2020-03-24 2020-03-26
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019).
2089 CVE-2019-20540 125 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019).
2090 CVE-2019-20535 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth devices can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019).
2091 CVE-2019-20534 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).
2092 CVE-2019-20533 287 2020-03-24 2020-03-26
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).
2093 CVE-2019-20494 20 2020-03-17 2021-07-21
2.1
None Local Low Not required Partial None None
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
2094 CVE-2019-20485 20 DoS 2020-03-19 2020-06-16
2.7
None Local Network Low ??? None None Partial
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
2095 CVE-2019-20422 755 2020-01-27 2020-03-13
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
2096 CVE-2019-20386 772 2020-01-21 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
2097 CVE-2019-20384 281 2020-01-21 2021-07-21
2.1
None Local Low Not required None Partial None
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
2098 CVE-2019-20382 401 2020-03-05 2020-07-26
2.7
None Local Network Low ??? None None Partial
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
2099 CVE-2019-19966 416 DoS 2019-12-25 2020-03-13
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
2100 CVE-2019-19947 908 +Info 2019-12-24 2020-09-15
2.1
None Local Low Not required Partial None None
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.