| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2019-16295 |
79 |
|
XSS |
2019-10-31 |
2019-11-05 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. |
|
252 |
CVE-2019-15809 |
203 |
|
|
2019-10-03 |
2021-04-13 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001. |
|
253 |
CVE-2019-14761 |
74 |
|
|
2020-09-14 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. |
|
254 |
CVE-2019-14760 |
74 |
|
|
2020-09-14 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. |
|
255 |
CVE-2019-14759 |
74 |
|
|
2020-09-14 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. |
|
256 |
CVE-2019-14615 |
200 |
|
+Info |
2020-01-17 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. |
|
257 |
CVE-2019-14360 |
200 |
|
+Info |
2019-11-02 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. |
|
258 |
CVE-2019-14358 |
200 |
|
+Info |
2019-11-02 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. |
|
259 |
CVE-2019-14357 |
200 |
|
+Info |
2019-08-10 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that an attack is not "realistically implementable." |
|
260 |
CVE-2019-14355 |
200 |
|
+Info |
2019-08-10 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover secret data shown on the display. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is "insignificant risk." |
|
261 |
CVE-2019-14354 |
200 |
|
+Info |
2019-08-10 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. |
|
262 |
CVE-2019-14353 |
200 |
|
+Info |
2019-08-08 |
2021-07-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices. |
|
263 |
CVE-2019-13628 |
203 |
|
+Info |
2019-10-03 |
2019-10-10 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. |
|
264 |
CVE-2019-12762 |
|
|
|
2019-06-06 |
2021-03-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. |
|
265 |
CVE-2019-12400 |
20 |
|
|
2019-08-23 |
2022-04-13 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. |
|
266 |
CVE-2019-11482 |
367 |
|
|
2020-02-08 |
2020-02-12 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. |
|
267 |
CVE-2019-11288 |
|
|
|
2020-01-27 |
2021-11-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance. |
|
268 |
CVE-2019-11244 |
732 |
|
|
2019-04-22 |
2020-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. |
|
269 |
CVE-2019-11191 |
362 |
|
Bypass |
2019-04-12 |
2019-06-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported. |
|
270 |
CVE-2019-10210 |
522 |
|
|
2019-10-29 |
2021-10-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. |
|
271 |
CVE-2019-9700 |
200 |
|
+Info |
2019-07-16 |
2021-07-21 |
1.7 |
None |
Local |
Low |
??? |
None |
Partial |
None |
|
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. |
|
272 |
CVE-2019-9421 |
125 |
|
Overflow |
2019-09-27 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250 |
|
273 |
CVE-2019-9383 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120843827 |
|
274 |
CVE-2019-9356 |
125 |
|
|
2019-09-27 |
2019-10-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111699773 |
|
275 |
CVE-2019-9344 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120845341 |
|
276 |
CVE-2019-9296 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112162089 |
|
277 |
CVE-2019-9251 |
125 |
|
|
2019-09-27 |
2019-10-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120274615 |
|
278 |
CVE-2019-9246 |
125 |
|
|
2019-09-27 |
2019-10-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120428637 |
|
279 |
CVE-2019-9244 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977 |
|
280 |
CVE-2019-9242 |
125 |
|
|
2019-09-27 |
2019-10-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121035878 |
|
281 |
CVE-2019-9240 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121150966 |
|
282 |
CVE-2019-9239 |
125 |
|
|
2019-09-27 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487 |
|
283 |
CVE-2019-9236 |
125 |
|
|
2019-09-27 |
2019-10-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122322613 |
|
284 |
CVE-2019-9235 |
125 |
|
|
2019-09-27 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053 |
|
285 |
CVE-2019-8757 |
362 |
|
|
2019-12-18 |
2019-12-26 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics. |
|
286 |
CVE-2019-6648 |
532 |
|
|
2019-09-04 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. |
|
287 |
CVE-2019-5296 |
125 |
|
|
2019-06-04 |
2019-06-05 |
1.7 |
None |
Local |
Low |
??? |
None |
None |
Partial |
|
Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal. |
|
288 |
CVE-2019-5213 |
287 |
|
|
2019-11-12 |
2019-11-15 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. |
|
289 |
CVE-2019-4299 |
532 |
|
+Info |
2019-07-01 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. |
|
290 |
CVE-2019-3998 |
287 |
|
Bypass |
2020-02-13 |
2020-02-25 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. |
|
291 |
CVE-2019-3901 |
667 |
|
Bypass |
2019-04-22 |
2020-12-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. |
|
292 |
CVE-2019-3832 |
125 |
|
|
2019-03-21 |
2020-10-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. |
|
293 |
CVE-2019-3767 |
312 |
|
|
2019-10-14 |
2020-10-16 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. |
|
294 |
CVE-2019-3687 |
276 |
|
|
2020-01-24 |
2020-03-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. |
|
295 |
CVE-2019-3606 |
312 |
|
+Info |
2019-03-26 |
2020-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. |
|
296 |
CVE-2019-3422 |
200 |
|
+Info |
2019-11-07 |
2020-08-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. |
|
297 |
CVE-2019-3016 |
362 |
|
|
2020-01-31 |
2020-06-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. |
|
298 |
CVE-2019-3008 |
|
|
DoS |
2019-10-16 |
2019-10-21 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). |
|
299 |
CVE-2019-2850 |
|
|
DoS |
2019-07-23 |
2021-02-16 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). |
|
300 |
CVE-2019-2745 |
|
|
Exec Code |
2019-07-23 |
2022-05-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
