CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2019-1003048 311 2019-03-28 2020-09-29
2.1
None Local Low Not required Partial None None
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
1502 CVE-2019-1003044 352 CSRF 2019-03-28 2020-06-23
2.1
None Remote High ??? Partial None None
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
1503 CVE-2019-1003038 522 2019-03-08 2020-09-30
2.1
None Local Low Not required Partial None None
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
1504 CVE-2019-1003017 352 2019-02-06 2019-10-09
2.6
None Remote High Not required None Partial None
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
1505 CVE-2019-25030 522 2021-05-26 2021-06-07
2.1
None Local Low Not required Partial None None
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
1506 CVE-2019-20872 918 2020-06-19 2020-06-23
2.1
None Local Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
1507 CVE-2019-20811 2020-06-03 2020-09-23
2.1
None Local Low Not required None Partial None
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
1508 CVE-2019-20808 125 DoS 2020-12-31 2021-03-31
2.1
None Local Low Not required None None Partial
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
1509 CVE-2019-20806 476 DoS 2020-05-27 2020-06-19
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
1510 CVE-2019-20795 416 2020-05-09 2020-09-10
2.1
None Local Low Not required None None Partial
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
1511 CVE-2019-20784 2020-04-17 2020-04-24
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).
1512 CVE-2019-20779 20 2020-04-17 2020-04-24
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).
1513 CVE-2019-20776 20 2020-04-17 2020-04-24
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).
1514 CVE-2019-20775 326 2020-04-17 2020-04-22
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).
1515 CVE-2019-20774 200 +Info 2020-04-17 2020-04-24
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).
1516 CVE-2019-20759 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.
1517 CVE-2019-20744 200 +Info 2020-04-16 2020-04-21
2.7
None Local Network Low ??? Partial None None
NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.
1518 CVE-2019-20743 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
1519 CVE-2019-20742 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
1520 CVE-2019-20729 20 2020-04-16 2020-04-21
2.1
None Local Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48.
1521 CVE-2019-20663 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
1522 CVE-2019-20662 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
1523 CVE-2019-20661 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
1524 CVE-2019-20652 200 +Info 2020-04-15 2020-04-20
2.1
None Local Low Not required Partial None None
NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.
1525 CVE-2019-20648 20 2020-04-15 2020-04-22
2.7
None Local Network Low ??? None Partial None
NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.
1526 CVE-2019-20647 DoS 2020-04-15 2020-04-17
2.7
None Local Network Low ??? None None Partial
NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.
1527 CVE-2019-20625 200 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).
1528 CVE-2019-20615 20 Bypass 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).
1529 CVE-2019-20598 200 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019).
1530 CVE-2019-20595 306 2020-03-24 2020-08-24
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).
1531 CVE-2019-20579 200 +Info 2020-03-24 2020-03-30
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).
1532 CVE-2019-20569 20 Bypass 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).
1533 CVE-2019-20559 200 +Info 2020-03-24 2020-03-27
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).
1534 CVE-2019-20557 20 Bypass 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).
1535 CVE-2019-20554 20 Bypass 2020-03-24 2020-03-25
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).
1536 CVE-2019-20550 200 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019).
1537 CVE-2019-20543 Bypass 2020-03-24 2020-03-26
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019).
1538 CVE-2019-20540 125 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019).
1539 CVE-2019-20535 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth devices can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019).
1540 CVE-2019-20534 200 +Info 2020-03-24 2020-03-27
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).
1541 CVE-2019-20533 287 2020-03-24 2020-03-26
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).
1542 CVE-2019-20494 20 2020-03-17 2020-03-19
2.1
None Local Low Not required Partial None None
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
1543 CVE-2019-20485 20 DoS 2020-03-19 2020-06-16
2.7
None Local Network Low ??? None None Partial
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
1544 CVE-2019-20422 755 2020-01-27 2020-03-13
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
1545 CVE-2019-20386 772 2020-01-21 2020-02-10
2.1
None Local Low Not required None None Partial
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
1546 CVE-2019-20384 281 2020-01-21 2020-01-29
2.1
None Local Low Not required None Partial None
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
1547 CVE-2019-20382 401 2020-03-05 2020-07-26
2.7
None Local Network Low ??? None None Partial
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
1548 CVE-2019-19966 416 DoS 2019-12-25 2020-03-13
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
1549 CVE-2019-19947 908 +Info 2019-12-24 2020-09-15
2.1
None Local Low Not required Partial None None
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
1550 CVE-2019-19922 400 DoS 2019-12-22 2021-06-14
2.1
None Local Low Not required None None Partial
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.