| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-2215 | 1 Google | 1 Android | 2019-10-16 | 4.6 | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local... |
| CVE-2019-2183 | 1 Google | 1 Android | 2019-10-16 | 2.1 | In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2019-9533 | 1 Cobham | 1 Explorer 710 Firmware | 2019-10-16 | 10.0 | The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. |
| CVE-2019-2187 | 1 Google | 1 Android | 2019-10-16 | 2.1 | In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2019-17420 | 2 Oisf, Suricata-ids | 2 Libhtp, Suricata | 2019-10-16 | 5.0 | In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. |
| CVE-2019-2184 | 1 Google | 1 Android | 2019-10-16 | 9.3 | In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-9535 | 1 Iterm2 | 1 Iterm2 | 2019-10-16 | 10.0 | A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5.... |
| CVE-2019-2173 | 1 Google | 1 Android | 2019-10-16 | 4.6 | In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2019-16905 | 1 Openbsd | 1 Openssh | 2019-10-16 | 7.5 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code... |
| CVE-2019-2185 | 1 Google | 1 Android | 2019-10-16 | 9.3 | In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-15715 | 1 Mantisbt | 1 Mantisbt | 2019-10-16 | 6.5 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. |
| CVE-2019-2186 | 1 Google | 1 Android | 2019-10-16 | 9.3 | In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for... |
| CVE-2019-14225 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 5.5 | OX App Suite 7.10.1 and 7.10.2 allows SSRF. |
| CVE-2019-17389 | 1 Riot-os | 1 Riot | 2019-10-16 | 7.8 | In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until... |
| CVE-2019-14227 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 4.3 | OX App Suite 7.10.1 and 7.10.2 allows XSS. |
| CVE-2019-17660 | | | 2019-10-16 | N/A | A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the... |
| CVE-2019-11281 | | | 2019-10-16 | N/A | Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation... |
| CVE-2019-15017 | 1 Zingbox | 1 Inspector | 2019-10-16 | 7.2 | The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. |
| CVE-2019-15015 | 1 Zingbox | 1 Inspector | 2019-10-16 | 7.2 | In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. |
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2019-10-16 | 4.3 | Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. |