CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2151 CVE-2019-18256 522 2020-06-29 2021-10-29
2.1
None Local Low Not required Partial None None
BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.
2152 CVE-2019-18255 732 2021-02-18 2021-02-24
2.1
None Local Low Not required None Partial None
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
2153 CVE-2019-18254 312 2020-06-29 2021-10-29
2.1
None Local Low Not required Partial None None
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
2154 CVE-2019-18243 732 2021-02-18 2021-02-24
2.1
None Local Low Not required None Partial None
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.
2155 CVE-2019-17445 59 2019-11-22 2019-12-04
2.1
None Local Low Not required Partial None None
An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.
2156 CVE-2019-17435 2019-10-16 2020-08-24
2.1
None Local Low Not required None Partial None
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
2157 CVE-2019-17401 125 2019-10-09 2019-10-11
2.1
None Local Low Not required None None Partial
** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.
2158 CVE-2019-17391 755 2019-11-14 2020-08-24
2.1
None Local Low Not required Partial None None
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset.
2159 CVE-2019-17264 125 2019-10-06 2021-07-21
2.1
None Local Low Not required None None Partial
** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue.
2160 CVE-2019-17263 125 2019-10-06 2019-10-14
2.1
None Local Low Not required None None Partial
** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue.
2161 CVE-2019-17103 276 2020-01-27 2020-02-03
2.1
None Local Low Not required Partial None None
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
2162 CVE-2019-17056 276 2019-10-01 2019-10-25
2.1
None Local Low Not required None Partial None
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
2163 CVE-2019-17055 20 2019-10-01 2021-07-21
2.1
None Local Low Not required None Partial None
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
2164 CVE-2019-17054 276 2019-10-01 2019-10-25
2.1
None Local Low Not required None Partial None
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
2165 CVE-2019-17053 276 2019-10-01 2019-10-25
2.1
None Local Low Not required None Partial None
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
2166 CVE-2019-17052 276 2019-10-01 2021-01-04
2.1
None Local Low Not required None Partial None
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
2167 CVE-2019-17021 200 +Info 2020-01-08 2021-07-21
2.6
None Remote High Not required Partial None None
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2168 CVE-2019-16910 200 +Info 2019-09-26 2021-07-21
2.6
None Remote High Not required Partial None None
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
2169 CVE-2019-16896 59 2019-12-27 2020-01-09
2.1
None Local Low Not required None Partial None
In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.
2170 CVE-2019-16764 DoS 2019-11-25 2021-10-28
2.1
None Local Low Not required None None Partial
The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to fetch the provider configuration value. This is unsafe as it is user provided data, and can be used to fill up the whole atom table of ~1M which will cause the app to crash.
2171 CVE-2019-16681 79 XSS 2019-09-21 2019-09-24
2.6
None Remote High Not required None Partial None
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application.
2172 CVE-2019-16680 22 Dir. Trav. 2019-09-21 2019-12-20
2.6
None Remote High Not required None Partial None
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
2173 CVE-2019-16572 522 2019-12-17 2019-12-18
2.1
None Local Low Not required Partial None None
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2174 CVE-2019-16543 522 2019-11-21 2019-12-03
2.1
None Local Low Not required Partial None None
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2175 CVE-2019-16355 276 2019-09-16 2019-09-17
2.1
None Local Low Not required Partial None None
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
2176 CVE-2019-16285 200 +Info 2019-11-22 2020-08-24
2.1
None Local Low Not required Partial None None
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
2177 CVE-2019-16248 2019-09-11 2021-10-18
2.1
None Local Low Not required Partial None None
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message).
2178 CVE-2019-16210 532 2019-11-08 2021-07-21
2.1
None Local Low Not required Partial None None
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
2179 CVE-2019-16206 532 2019-11-08 2021-07-21
2.1
None Local Low Not required Partial None None
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
2180 CVE-2019-16000 345 Bypass 2020-09-23 2020-09-28
2.1
None Local Low Not required None Partial None
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.
2181 CVE-2019-15967 2019-11-26 2020-10-16
2.1
None Local Low Not required Partial None None
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit this vulnerability by gaining unrestricted access to the restricted shell and using the specific debug commands. A successful exploit could allow the attacker to enable the microphone of an affected device to record audio without notifying users.
2182 CVE-2019-15919 416 2019-09-04 2019-12-11
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.
2183 CVE-2019-15877 20 2020-04-28 2021-07-21
2.1
None Local Low Not required None Partial None
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.
2184 CVE-2019-15876 269 2020-04-28 2021-07-21
2.1
None Local Low Not required None Partial None
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware.
2185 CVE-2019-15875 665 2020-02-18 2020-03-04
2.1
None Local Low Not required Partial None None
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.
2186 CVE-2019-15796 347 2020-03-26 2020-10-19
2.6
None Remote High Not required None Partial None
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
2187 CVE-2019-15795 327 2020-03-26 2020-04-08
2.6
None Remote High Not required None Partial None
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
2188 CVE-2019-15790 269 Mem. Corr. +Info 2020-04-28 2020-05-14
2.1
None Local Low Not required Partial None None
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
2189 CVE-2019-15744 610 2019-11-14 2019-11-19
2.1
None Local Low Not required None Partial None
The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.
2190 CVE-2019-15743 610 2019-11-14 2019-11-19
2.1
None Local Low Not required Partial None None
The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage.
2191 CVE-2019-15718 2019-09-04 2020-08-24
2.1
None Local Low Not required None Partial None
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
2192 CVE-2019-15716 276 2019-08-28 2020-08-24
2.1
None Local Low Not required Partial None None
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
2193 CVE-2019-15704 311 2019-11-21 2020-08-24
2.1
None Local Low Not required Partial None None
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.
2194 CVE-2019-15703 331 2019-10-24 2021-07-21
2.6
None Remote High Not required Partial None None
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
2195 CVE-2019-15625 200 +Info 2020-01-18 2021-07-21
2.1
None Local Low Not required Partial None None
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
2196 CVE-2019-15622 89 Sql 2020-02-04 2020-02-12
2.1
None Local Low Not required Partial None None
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
2197 CVE-2019-15475 610 2019-11-14 2019-11-19
2.1
None Local Low Not required Partial None None
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.
2198 CVE-2019-15474 610 2019-11-14 2019-11-19
2.1
None Local Low Not required Partial None None
The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.
2199 CVE-2019-15473 610 2019-11-14 2019-11-19
2.1
None Local Low Not required Partial None None
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.
2200 CVE-2019-15472 610 2019-11-14 2019-11-20
2.1
None Local Low Not required Partial None None
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.