Total
33519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2396 | 1 Oracle | 1 E-business Suite | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | |||||
| CVE-2019-2395 | 1 Oracle | 1 Weblogic Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L). | |||||
| CVE-2019-2390 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2024-11-21 | 6.8 MEDIUM | 8.2 HIGH |
| An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22. | |||||
| CVE-2019-2338 | 1 Qualcomm | 38 Mdm9205, Mdm9205 Firmware, Msm8998 and 35 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | |||||
| CVE-2019-2315 | 1 Qualcomm | 86 Apq8009, Apq8009 Firmware, Apq8017 and 83 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130 | |||||
| CVE-2019-2308 | 1 Qualcomm | 70 Mdm9150, Mdm9150 Firmware, Mdm9607 and 67 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2019-2281 | 1 Qualcomm | 40 Qcs405, Qcs405 Firmware, Qcs605 and 37 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130 | |||||
| CVE-2019-2274 | 1 Qualcomm | 74 Apq8017, Apq8017 Firmware, Apq8053 and 71 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, IPQ8074, MDM9150, MDM9650, MDM9655, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA8081, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2019-2261 | 1 Qualcomm | 84 Ipq8074, Ipq8074 Firmware, Mdm9150 and 81 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-2256 | 1 Qualcomm | 70 Mdm9650, Mdm9650 Firmware, Msm8909w and 67 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-2255 | 1 Qualcomm | 70 Msm8909w, Msm8909w Firmware, Msm8996au and 67 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-2233 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140486529 | |||||
| CVE-2019-2221 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650 | |||||
| CVE-2019-2220 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979 | |||||
| CVE-2019-2199 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138650665 | |||||
| CVE-2019-2182 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2132 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130568701. | |||||
| CVE-2019-2124 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. | |||||
| CVE-2019-2113 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079. | |||||
| CVE-2019-2056 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140879284 | |||||