Search Results (15153 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-2191 | 1 Google | 1 Android | 2024-11-21 | 4.3 Medium |
| In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68770980. | ||||
| CVE-2019-2190 | 1 Google | 1 Android | 2024-11-21 | 4.3 Medium |
| In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68771598. | ||||
| CVE-2019-2131 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119115683. | ||||
| CVE-2019-2120 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130821293. | ||||
| CVE-2019-2043 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-120484087 | ||||
| CVE-2019-2041 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690. | ||||
| CVE-2019-2025 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-116855682. References: Upstream kernel. | ||||
| CVE-2019-2024 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111761954. References: Upstream kernel. | ||||
| CVE-2019-25101 | 1 Turbogears Project | 1 Turbogears | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | ||||
| CVE-2019-25078 | 1 Pacparser Project | 1 Pacparser | 2024-11-21 | 5.3 Medium |
| A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443. | ||||
| CVE-2019-25059 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | 7.8 High |
| Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | ||||
| CVE-2019-25051 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Aspell and 1 more | 2024-11-21 | 7.8 High |
| objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | ||||
| CVE-2019-20840 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | ||||
| CVE-2019-20470 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., `pw,<password>,call,<mobile_number>` triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471. | ||||
| CVE-2019-20396 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. | ||||
| CVE-2019-20392 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. | ||||
| CVE-2019-20391 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. | ||||
| CVE-2019-20172 | 1 Serenityos | 1 Serenityos | 2024-11-21 | 7.8 High |
| Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. | ||||
| CVE-2019-20054 | 3 Linux, Netapp, Redhat | 19 Linux Kernel, 8300, 8300 Firmware and 16 more | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | ||||
| CVE-2019-1994 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924. | ||||