Vulnerabilities (CVE)

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2215 1 Google 1 Android 2019-10-16 4.6
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local...
CVE-2019-2183 1 Google 1 Android 2019-10-16 2.1
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction...
CVE-2019-9533 1 Cobham 1 Explorer 710 Firmware 2019-10-16 10.0
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
CVE-2019-2187 1 Google 1 Android 2019-10-16 2.1
In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2019-17420 2 Oisf, Suricata-ids 2 Libhtp, Suricata 2019-10-16 5.0
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-2184 1 Google 1 Android 2019-10-16 9.3
In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
CVE-2019-9535 1 Iterm2 1 Iterm2 2019-10-16 10.0
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5....
CVE-2019-2173 1 Google 1 Android 2019-10-16 4.6
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
CVE-2019-16905 1 Openbsd 1 Openssh 2019-10-16 7.5
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code...
CVE-2019-2185 1 Google 1 Android 2019-10-16 9.3
In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
CVE-2019-15715 1 Mantisbt 1 Mantisbt 2019-10-16 6.5
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVE-2019-2186 1 Google 1 Android 2019-10-16 9.3
In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
CVE-2019-14225 1 Open-xchange 1 Open-xchange Appsuite 2019-10-16 5.5
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
CVE-2019-17389 1 Riot-os 1 Riot 2019-10-16 7.8
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until...
CVE-2019-14227 1 Open-xchange 1 Open-xchange Appsuite 2019-10-16 4.3
OX App Suite 7.10.1 and 7.10.2 allows XSS.
CVE-2019-17660 2019-10-16 N/A
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the...
CVE-2019-11281 2019-10-16 N/A
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation...
CVE-2019-15017 1 Zingbox 1 Inspector 2019-10-16 7.2
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
CVE-2019-15015 1 Zingbox 1 Inspector 2019-10-16 7.2
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.
CVE-2019-17535 1 Gilacms 1 Gila Cms 2019-10-16 4.3
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.