CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2551 CVE-2019-5220 863 Bypass 2019-07-10 2020-08-24
2.1
None Local Low Not required None Partial None
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, so an attacker could perform a certain operation at a certain step of the setup wizard. A successful exploit could allow the attacker to bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).
2552 CVE-2019-5217 307 2019-06-04 2020-08-24
2.1
None Local Low Not required Partial None None
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
2553 CVE-2019-5182 787 Overflow 2020-03-11 2020-03-17
2.1
None Local Low Not required None None Partial
An exploitable stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len('/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=') in length. A type value of length 0x3d9 will cause the service to crash.
2554 CVE-2019-5177 787 Overflow 2020-03-12 2020-03-12
2.1
None Local Low Not required None None Partial
An exploitable stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len('/etc/config-tools/edit_dns_server domain-name=') in length. A domainname value of length 0x3fa will cause the service to crash.
2555 CVE-2019-5176 787 Overflow 2020-03-12 2020-03-17
2.1
None Local Low Not required None None Partial
An exploitable stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len('/etc/config-tools/config_default_gateway number=0 state=enabled value=') in length. A gateway value of length 0x7e2 will cause the service to crash.
2556 CVE-2019-5106 327 2020-03-11 2021-07-21
2.1
None Local Low Not required Partial None None
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
2557 CVE-2019-4735 200 +Info 2020-04-23 2021-07-21
2.1
None Local Low Not required Partial None None
IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705.
2558 CVE-2019-4731 200 +Info 2020-07-28 2020-07-28
2.1
None Local Low Not required Partial None None
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616.
2559 CVE-2019-4719 +Info 2020-03-16 2020-08-24
2.1
None Local Low Not required Partial None None
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
2560 CVE-2019-4703 +Info 2020-02-24 2020-08-24
2.9
None Local Network Medium Not required Partial None None
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.
2561 CVE-2019-4695 922 2020-08-26 2020-08-28
2.1
None Local Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.
2562 CVE-2019-4693 522 2020-08-26 2020-08-27
2.1
None Local Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.
2563 CVE-2019-4676 312 2020-07-01 2020-07-02
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512.
2564 CVE-2019-4668 522 2020-04-23 2020-04-27
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171250.
2565 CVE-2019-4666 +Info 2020-02-13 2020-08-24
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.
2566 CVE-2019-4619 209 +Info 2020-03-16 2020-08-24
2.1
None Local Low Not required Partial None None
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
2567 CVE-2019-4616 311 2020-02-05 2020-08-24
2.9
None Local Network Medium Not required Partial None None
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.
2568 CVE-2019-4572 532 2019-10-14 2019-10-16
2.1
None Local Low Not required Partial None None
IBM FileNet Content Manager 5.5.2 and 5.5.3, in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.
2569 CVE-2019-4566 312 2019-09-24 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 166627.
2570 CVE-2019-4508 522 2020-01-10 2020-01-13
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.
2571 CVE-2019-4465 269 2019-12-03 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.
2572 CVE-2019-4444 200 +Info 2019-12-16 2020-08-24
2.1
None Local Low Not required Partial None None
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.
2573 CVE-2019-4420 209 2019-08-20 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
2574 CVE-2019-4406 20 DoS 2019-11-25 2021-07-21
2.1
None Local Low Not required None None Partial
IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477.
2575 CVE-2019-4398 311 +Info 2019-10-24 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259.
2576 CVE-2019-4395 +Info 2019-10-25 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333.
2577 CVE-2019-4394 20 2019-10-25 2021-07-21
2.1
None Local Low Not required None Partial None
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.
2578 CVE-2019-4385 522 2019-06-19 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
2579 CVE-2019-4381 255 +Info 2019-06-14 2019-06-18
2.1
None Local Low Not required Partial None None
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.
2580 CVE-2019-4335 522 2019-12-30 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413.
2581 CVE-2019-4309 798 +Info 2019-10-29 2019-10-29
2.1
None Local Low Not required Partial None None
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.
2582 CVE-2019-4307 522 2019-10-29 2019-10-29
2.1
None Local Low Not required Partial None None
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 160987.
2583 CVE-2019-4296 532 +Info 2019-07-01 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.
2584 CVE-2019-4288 200 +Info 2020-04-29 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly sensitive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
2585 CVE-2019-4286 200 +Info 2020-04-29 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly sensitive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.
2586 CVE-2019-4284 532 2019-08-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
2587 CVE-2019-4275 DoS 2019-08-02 2020-08-24
2.1
None Local Low Not required None None Partial
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296.
2588 CVE-2019-4266 269 2020-05-06 2020-05-08
2.1
None Local Low Not required Partial None None
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.
2589 CVE-2019-4265 922 2019-10-10 2020-04-30
2.1
None Local Low Not required Partial None None
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.
2590 CVE-2019-4259 2019-05-13 2020-08-24
2.1
None Local Low Not required Partial None None
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
2591 CVE-2019-4239 522 2019-06-14 2020-08-24
2.1
None Local Low Not required Partial None None
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 159465.
2592 CVE-2019-4236 19 2019-07-22 2019-10-09
2.1
None Local Low Not required Partial None None
An IBM Spectrum Protect 7.1 client backup or archive operation running for an HP-UX VxFS object silently skips Access Control List (ACL) entries from the backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.
2593 CVE-2019-4225 532 2019-06-26 2019-10-09
2.1
None Local Low Not required Partial None None
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
2594 CVE-2019-4220 798 2019-06-06 2019-10-09
2.1
None Local Low Not required Partial None None
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.
2595 CVE-2019-4218 269 2019-06-06 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.
2596 CVE-2019-4207 2019-05-07 2020-08-24
2.1
None Local Low Not required Partial None None
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.
2597 CVE-2019-4177 269 2019-06-17 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.
2598 CVE-2019-4174 269 2019-06-17 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.
2599 CVE-2019-4161 2019-06-06 2020-08-24
2.1
None Local Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660.
2600 CVE-2019-4143 532 2019-04-08 2019-04-10
2.1
None Local Low Not required Partial None None
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive information from the KMS plugin container log. IBM X-Force ID: 158348.