CVE List - 2019 / September
Showing 1401 - 1500 of 1531 CVEs for September 2019 (Page 15 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-9395 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9396 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9397 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9398 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9399 | 2019-09-27 | The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2019-9400 | 2019-09-27 | In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2019-9401 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9402 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9403 | 2019-09-27 | In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2019-9404 | 2019-09-27 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2019-9405 | 2019-09-27 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction... |
| CVE-2019-9406 | 2019-09-27 | In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9407 | 2019-09-27 | In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges... |
| CVE-2019-9408 | 2019-09-27 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9409 | 2019-09-27 | In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9410 | 2019-09-27 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9411 | 2019-09-27 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9412 | 2019-09-27 | In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2019-9413 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2019-9414 | 2019-09-27 | In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure... |
| CVE-2019-9415 | 2019-09-27 | In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9416 | 2019-09-27 | In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9417 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2019-9418 | 2019-09-27 | In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2019-9419 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2019-9420 | 2019-09-27 | In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2019-9421 | 2019-09-27 | In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed... |
| CVE-2019-9422 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2019-9423 | 2019-09-27 | In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no... |
| CVE-2019-9424 | 2019-09-27 | In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product:... |
| CVE-2019-9425 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2019-9427 | 2019-09-27 | In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2019-9428 | 2019-09-27 | In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution... |
| CVE-2019-9429 | 2019-09-27 | In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2019-9430 | 2019-09-27 | In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2019-9431 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log... |
| CVE-2019-9432 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution... |
| CVE-2019-9433 | 2019-09-27 | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed... |
| CVE-2019-9434 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log... |
| CVE-2019-9435 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2018-9425 | 2019-09-27 | In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2018-9581 | 2019-09-27 | In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2019-9438 | 2019-09-27 | In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users... |
| CVE-2019-9440 | 2019-09-27 | In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges... |
| CVE-2019-9459 | 2019-09-27 | In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2019-9462 | 2019-09-27 | In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2019-9463 | 2019-09-27 | In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2019-2188 | 2019-09-27 | In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2019-2189 | 2019-09-27 | In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2019-2190 | 2019-09-27 | In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via... |
| CVE-2019-2191 | 2019-09-27 | In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via... |
| CVE-2019-16685 | 2019-09-27 | Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can... |
| CVE-2019-16686 | 2019-09-27 | Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. |
| CVE-2019-16687 | 2019-09-27 | Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and... |
| CVE-2019-16688 | 2019-09-27 | Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all... |
| CVE-2019-16927 | 2019-09-27 | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. |
| CVE-2019-16928 | 2019-09-27 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. |
| CVE-2019-11927 | 2019-09-27 | An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects... |
| CVE-2019-3736 | 2019-09-27 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use... |
| CVE-2019-3746 | 2019-09-27 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability... |
| CVE-2019-3747 | 2019-09-27 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious... |
| CVE-2019-3766 | 2019-09-27 | Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access... |
| CVE-2019-16926 | 2019-09-27 | Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user... |
| CVE-2019-16925 | 2019-09-27 | Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task... |
| CVE-2019-16935 | 2019-09-28 | The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in... |
| CVE-2019-16941 | 2019-09-28 | NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document.... |
| CVE-2019-16930 | 2019-09-28 | Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts.... |
| CVE-2019-16992 | 2019-09-29 | The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can... |
| CVE-2019-16993 | 2019-09-30 | In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker... |
| CVE-2019-16676 | 2019-09-30 | Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. |
| CVE-2019-16994 | 2019-09-30 | In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. |
| CVE-2019-16995 | 2019-09-30 | In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. |
| CVE-2019-16743 | 2019-09-30 | eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. |
| CVE-2019-16414 | 2019-09-30 | A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via... |
| CVE-2019-14752 | 2019-09-30 | SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. |
| CVE-2019-16744 | 2019-09-30 | eBrigade before 5.0 has evenements.php cid SQL Injection. |
| CVE-2019-16745 | 2019-09-30 | eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. |
| CVE-2019-16999 | 2019-09-30 | CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. |
| CVE-2017-18636 | 2019-09-30 | CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. |
| CVE-2019-16996 | 2019-09-30 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. |
| CVE-2019-16997 | 2019-09-30 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. |
| CVE-2019-17040 | 2019-09-30 | contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. |
| CVE-2019-17045 | 2019-09-30 | Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. |
| CVE-2019-17046 | 2019-09-30 | Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. |
| CVE-2019-16932 | 2019-09-30 | A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. |
| CVE-2019-16683 | 2019-09-30 | An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. |
| CVE-2019-4106 | 2019-09-30 | IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4109 | 2019-09-30 | IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site,... |
| CVE-2019-4112 | 2019-09-30 | IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. |
| CVE-2019-4115 | 2019-09-30 | IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4280 | 2019-09-30 | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. |
| CVE-2019-4304 | 2019-09-30 | IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. |
| CVE-2019-4305 | 2019-09-30 | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. |
| CVE-2019-4423 | 2019-09-30 | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences... |
| CVE-2019-16684 | 2019-09-30 | An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit... |
| CVE-2019-10489 | 2019-09-30 | Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,... |
| CVE-2019-10492 | 2019-09-30 | Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD... |
| CVE-2019-10497 | 2019-09-30 | Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2019-10498 | 2019-09-30 | Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,... |
| CVE-2019-10499 | 2019-09-30 | Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice &... |