CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2451 CVE-2019-9268 416 2019-09-27 2021-07-21
2.1
None Local Low Not required None None Partial
In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77474014
2452 CVE-2019-9249 125 2019-09-27 2019-10-02
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120255805
2453 CVE-2019-9245 125 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
2454 CVE-2019-9243 125 2019-09-27 2019-10-03
2.1
None Local Low Not required Partial None None
In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706
2455 CVE-2019-9221 20 2019-05-29 2019-05-29
2.1
None Local Low Not required Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).
2456 CVE-2019-9158 294 2019-06-05 2020-08-24
2.7
None Local Network Low ??? Partial None None
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
2457 CVE-2019-9157 200 +Info 2019-06-05 2021-07-21
2.7
None Local Network Low ??? Partial None None
Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.
2458 CVE-2019-8934 19 2019-03-21 2021-07-21
2.1
None Local Low Not required Partial None None
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
2459 CVE-2019-8857 862 2020-10-27 2021-07-21
2.1
None Local Low Not required Partial None None
The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.
2460 CVE-2019-8842 120 Overflow 2020-10-27 2021-03-15
2.6
None Remote High Not required None Partial None
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
2461 CVE-2019-8809 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.
2462 CVE-2019-8804 287 2019-12-18 2019-12-26
2.9
None Local Network Medium Not required None Partial None
An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.
2463 CVE-2019-8799 922 2020-10-27 2021-07-21
2.1
None Local Low Not required Partial None None
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
2464 CVE-2019-8798 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.
2465 CVE-2019-8793 20 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator.
2466 CVE-2019-8790 922 2020-10-27 2020-11-03
2.1
None Local Low Not required Partial None None
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
2467 CVE-2019-8777 276 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.
2468 CVE-2019-8775 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required None None Partial
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
2469 CVE-2019-8742 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.
2470 CVE-2019-8732 200 +Info 2020-10-27 2021-07-21
2.1
None Local Low Not required Partial None None
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.
2471 CVE-2019-8730 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
2472 CVE-2019-8708 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.
2473 CVE-2019-8704 287 +Info 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.
2474 CVE-2019-8692 125 2019-12-18 2019-12-19
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
2475 CVE-2019-8691 125 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
2476 CVE-2019-8682 306 2019-12-18 2019-12-20
2.1
None Local Low Not required None Partial None
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.
2477 CVE-2019-8630 2019-12-18 2019-12-26
2.1
None Local Low Not required None Partial None
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.
2478 CVE-2019-8599 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.
2479 CVE-2019-8568 59 2019-12-18 2019-12-20
2.1
None Local Low Not required None Partial None
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.
2480 CVE-2019-8548 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.
2481 CVE-2019-8546 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.
2482 CVE-2019-8541 2019-12-18 2019-12-30
2.1
None Local Low Not required Partial None None
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.
2483 CVE-2019-8537 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.
2484 CVE-2019-8522 522 2019-12-18 2021-07-21
2.1
None Local Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
2485 CVE-2019-8520 125 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.
2486 CVE-2019-8519 125 2019-12-18 2019-12-26
2.1
None Local Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.
2487 CVE-2019-8510 125 2019-12-18 2019-12-22
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
2488 CVE-2019-8507 20 Mem. Corr. 2019-12-18 2019-12-20
2.1
None Local Low Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.
2489 CVE-2019-8504 665 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.
2490 CVE-2019-8453 426 DoS 2019-04-17 2019-04-23
2.1
None Local Low Not required None None Partial
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
2491 CVE-2019-8350 522 +Info 2019-05-13 2020-08-24
2.1
None Local Low Not required Partial None None
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.
2492 CVE-2019-8339 416 Bypass 2019-05-17 2019-05-28
2.1
None Local Low Not required None None Partial
An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine.
2493 CVE-2019-8282 346 2019-06-07 2020-10-22
2.6
None Remote High Not required None Partial None
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
2494 CVE-2019-7729 732 2019-02-22 2020-08-24
2.1
None Local Low Not required Partial None None
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)
2495 CVE-2019-7317 416 2019-02-04 2021-10-20
2.6
None Remote High Not required None None Partial
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
2496 CVE-2019-7309 2019-02-03 2020-08-24
2.1
None Local Low Not required None None Partial
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
2497 CVE-2019-7293 787 Mem. Corr. 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.
2498 CVE-2019-7289 22 Dir. Trav. 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.
2499 CVE-2019-7231 119 Overflow 2019-06-24 2019-10-09
2.7
None Local Network Low ??? None None Partial
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.
2500 CVE-2019-7222 +Info 2019-03-21 2020-08-24
2.1
None Local Low Not required Partial None None
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.