CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2351 CVE-2019-11686 522 2020-03-10 2020-03-13
2.1
None Local Low Not required Partial None None
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.
2352 CVE-2019-11551 269 2019-08-21 2020-08-24
2.1
None Local Low Not required None Partial None
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
2353 CVE-2019-11485 2020-02-08 2020-07-30
2.1
None Local Low Not required None None Partial
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
2354 CVE-2019-11483 2020-02-08 2020-08-24
2.1
None Local Low Not required Partial None None
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
2355 CVE-2019-11341 327 2019-10-09 2019-11-05
2.1
None Local Low Not required Partial None None
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
2356 CVE-2019-11271 522 2019-06-19 2020-10-16
2.1
None Local Low Not required Partial None None
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
2357 CVE-2019-11184 362 2019-09-16 2019-09-18
2.9
None Local Network Medium Not required Partial None None
A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.
2358 CVE-2019-11165 754 DoS 2019-12-16 2019-12-27
2.1
None Local Low Not required None None Partial
Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.
2359 CVE-2019-11139 754 DoS 2019-11-14 2019-11-21
2.1
None Local Low Not required None None Partial
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
2360 CVE-2019-11135 2019-11-14 2021-01-20
2.1
None Local Low Not required Partial None None
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
2361 CVE-2019-11114 20 DoS 2019-05-17 2019-05-21
2.1
None Local Low Not required None None Partial
Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access.
2362 CVE-2019-11113 119 Overflow 2019-11-14 2020-03-20
2.1
None Local Low Not required Partial None None
Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access.
2363 CVE-2019-11102 20 2019-12-18 2020-01-02
2.1
None Local Low Not required Partial None None
Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
2364 CVE-2019-11101 20 2019-12-18 2020-01-02
2.1
None Local Low Not required Partial None None
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
2365 CVE-2019-11100 20 2019-12-18 2020-01-02
2.1
None Local Low Not required Partial None None
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.
2366 CVE-2019-11096 2019-12-16 2020-08-24
2.1
None Local Low Not required Partial None None
Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local access.
2367 CVE-2019-11095 2019-05-17 2020-08-24
2.1
None Local Low Not required Partial None None
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access.
2368 CVE-2019-11089 20 DoS 2019-11-14 2020-03-20
2.1
None Local Low Not required None None Partial
Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access.
2369 CVE-2019-11015 287 Bypass 2019-04-18 2020-08-24
2.1
None Local Low Not required Partial None None
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page.
2370 CVE-2019-10981 522 2019-05-31 2020-10-02
2.1
None Local Low Not required Partial None None
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials.
2371 CVE-2019-10968 2019-07-24 2020-10-01
2.1
None Local Low Not required None Partial None
Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.
2372 CVE-2019-10926 319 2019-06-12 2021-03-15
2.6
None Remote High Not required Partial None None
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted.
2373 CVE-2019-10917 755 2019-05-14 2021-11-02
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
2374 CVE-2019-10637 Bypass 2019-06-05 2020-08-24
2.1
None Local Low Not required None Partial None
Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices are vulnerable in manipulating a combination of IO pins to bypass the secure boot protection mechanism.
2375 CVE-2019-10626 200 +Info 2020-06-22 2021-07-21
2.1
None Local Low Not required Partial None None
Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130
2376 CVE-2019-10618 119 Overflow 2019-12-12 2020-08-24
2.1
None Local Low Not required Partial None None
Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390
2377 CVE-2019-10608 2020-04-16 2020-08-24
2.1
None Local Low Not required Partial None None
Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909
2378 CVE-2019-10545 476 2019-12-12 2019-12-13
2.1
None Local Low Not required None None Partial
Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150
2379 CVE-2019-10535 119 Overflow 2019-11-21 2021-07-21
2.1
None Local Low Not required None None Partial
Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, APQ8098, MDM9640, MSM8996AU, MSM8998, QCA6574AU, QCN7605, QCS405, QCS605, SDA845, SDM845, SDX20
2380 CVE-2019-10523 200 +Info 2020-04-16 2020-04-27
2.1
None Local Low Not required Partial None None
Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130
2381 CVE-2019-10490 416 2019-11-21 2019-11-26
2.1
None Local Low Not required None None Partial
Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, SDA660, SDA845, SDM450, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130
2382 CVE-2019-10484 416 2019-12-12 2019-12-12
2.1
None Local Low Not required None None Partial
Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130
2383 CVE-2019-10483 200 +Info 2020-04-16 2021-07-21
2.1
None Local Low Not required Partial None None
Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130
2384 CVE-2019-10476 522 2019-10-23 2019-10-24
2.1
None Local Low Not required Partial None None
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
2385 CVE-2019-10461 522 2019-10-23 2019-10-24
2.1
None Local Low Not required Partial None None
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
2386 CVE-2019-10460 522 2019-10-23 2019-10-24
2.1
None Local Low Not required Partial None None
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
2387 CVE-2019-10453 312 2019-10-16 2019-10-18
2.1
None Local Low Not required Partial None None
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2388 CVE-2019-10450 312 2019-10-16 2019-10-18
2.1
None Local Low Not required Partial None None
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2389 CVE-2019-10433 256 2019-10-01 2021-08-19
2.1
None Local Low Not required Partial None None
Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
2390 CVE-2019-10430 312 2019-09-25 2019-09-25
2.1
None Local Low Not required Partial None None
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
2391 CVE-2019-10429 312 2019-09-25 2019-09-25
2.1
None Local Low Not required Partial None None
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2392 CVE-2019-10426 312 2019-09-25 2019-10-09
2.1
None Local Low Not required Partial None None
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2393 CVE-2019-10424 312 2019-09-25 2019-10-09
2.1
None Local Low Not required Partial None None
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2394 CVE-2019-10423 312 2019-09-25 2019-10-09
2.1
None Local Low Not required Partial None None
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2395 CVE-2019-10420 312 2019-09-25 2019-10-09
2.1
None Local Low Not required Partial None None
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2396 CVE-2019-10419 312 2019-09-25 2019-10-09
2.1
None Local Low Not required Partial None None
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2397 CVE-2019-10398 522 2019-09-12 2019-10-09
2.1
None Local Low Not required Partial None None
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
2398 CVE-2019-10397 319 2019-09-12 2021-10-28
2.6
None Remote High Not required Partial None None
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
2399 CVE-2019-10378 522 2019-08-07 2020-10-01
2.1
None Local Low Not required Partial None None
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
2400 CVE-2019-10367 532 2019-08-07 2019-10-09
2.1
None Local Low Not required Partial None None
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.