CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-2005 In onPermissionGrantResult of GrantPermissionsActivity.java, there is a possible incorrectly granted permission due to a missing permission check. This could lead to local escalation of privilege on a... | N/A | NONE | β | 0 |
| CVE-2019-2007 In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server wi... | N/A | NONE | β | 0 |
| CVE-2019-2008 In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. Use... | N/A | NONE | β | 0 |
| CVE-2019-2009 In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privilege... | N/A | NONE | β | 0 |
| CVE-2019-2010 In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional executio... | N/A | NONE | β | 0 |
| CVE-2019-2011 In readNullableNativeHandleNoDup of Parcel.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution pri... | N/A | NONE | β | 0 |
| CVE-2017-14395 Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which all... | N/A | NONE | β | 0 |
| CVE-2019-2012 In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privilege... | N/A | NONE | β | 0 |
| CVE-2019-2013 In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privilege... | N/A | NONE | β | 0 |
| CVE-2019-2014 In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privi... | N/A | NONE | β | 0 |
| CVE-2019-2015 In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privile... | N/A | NONE | β | 0 |
| CVE-2019-12893 Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868. | N/A | NONE | β | 0 |
| CVE-2019-12894 Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b. | N/A | NONE | β | 0 |
| CVE-2019-2016 In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges ... | N/A | NONE | β | 0 |
| CVE-2018-9561 In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... | N/A | NONE | β | 0 |
| CVE-2018-9563 In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges need... | N/A | NONE | β | 0 |
| CVE-2018-9564 In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privil... | N/A | NONE | β | 0 |
| CVE-2019-12895 In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d. | N/A | NONE | β | 0 |
| CVE-2019-12896 Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77. | N/A | NONE | β | 0 |
| CVE-2019-2003 In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privilege... | N/A | NONE | β | 0 |
| CVE-2019-2017 In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution p... | N/A | NONE | β | 0 |
| CVE-2019-2018 In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Pr... | N/A | NONE | β | 0 |
| CVE-2019-2019 In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. ... | N/A | NONE | β | 0 |
| CVE-2019-2020 In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... | N/A | NONE | β | 0 |
| CVE-2019-12897 Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074. | N/A | NONE | β | 0 |
| CVE-2019-2021 In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution pri... | N/A | NONE | β | 0 |
| CVE-2019-2022 In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no ad... | N/A | NONE | β | 0 |
| CVE-2019-2023 In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its... | N/A | NONE | β | 0 |
| CVE-2019-2024 In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... | N/A | NONE | β | 0 |
| CVE-2019-2025 In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges ne... | N/A | NONE | β | 0 |
| CVE-2017-14394 OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which al... | N/A | NONE | β | 0 |
| CVE-2019-2729 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily e... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3737 Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially c... | 7.5 | HIGH | β | 0 |
| CVE-2019-3787 Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending βunknown.orgβ to a user's email address when one is not provided and the user name does not contain an @ character. This domain is ... | N/A | NONE | β | 0 |
| CVE-2019-12901 Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privil... | N/A | NONE | β | 0 |
| CVE-2019-12902 Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data. | N/A | NONE | β | 0 |
| CVE-2019-12903 Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensi... | N/A | NONE | β | 0 |
| CVE-2019-4101 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnost... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-12904 In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on pl... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-1623 A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insuffici... | 6.7 | MEDIUM | β | 0 |
| CVE-2019-1624 A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The... | N/A | NONE | β | 0 |
| CVE-2019-1625 A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to i... | 7.8 | HIGH | β | 0 |
| CVE-2019-1630 A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denia... | N/A | NONE | β | 0 |
| CVE-2019-1626 A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerabi... | 8.8 | HIGH | β | 0 |
| CVE-2019-1627 A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-1628 A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condit... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-1629 A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to th... | N/A | NONE | β | 0 |
| CVE-2018-16251 A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, l... | N/A | NONE | β | 0 |
| CVE-2019-1631 A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage infor... | N/A | NONE | β | 0 |
| CVE-2019-1632 A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attac... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.