CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1851 CVE-2019-8793 20 2019-12-18 2019-12-23
2.1
None Local Low Not required Partial None None
A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator.
1852 CVE-2019-8790 922 2020-10-27 2020-11-03
2.1
None Local Low Not required Partial None None
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
1853 CVE-2019-8777 276 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.
1854 CVE-2019-8775 200 +Info 2019-12-18 2019-12-23
2.1
None Local Low Not required None None Partial
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
1855 CVE-2019-8742 200 +Info 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.
1856 CVE-2019-8732 200 +Info 2020-10-27 2020-10-29
2.1
None Local Low Not required Partial None None
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.
1857 CVE-2019-8730 200 +Info 2019-12-18 2020-02-10
2.1
None Local Low Not required Partial None None
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
1858 CVE-2019-8708 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.
1859 CVE-2019-8704 287 +Info 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.
1860 CVE-2019-8692 125 2019-12-18 2019-12-19
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
1861 CVE-2019-8691 125 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
1862 CVE-2019-8682 306 2019-12-18 2019-12-20
2.1
None Local Low Not required None Partial None
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.
1863 CVE-2019-8630 2019-12-18 2019-12-26
2.1
None Local Low Not required None Partial None
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.
1864 CVE-2019-8599 200 +Info 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.
1865 CVE-2019-8568 59 2019-12-18 2019-12-20
2.1
None Local Low Not required None Partial None
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.
1866 CVE-2019-8548 200 +Info 2019-12-18 2019-12-30
2.1
None Local Low Not required Partial None None
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.
1867 CVE-2019-8546 200 +Info 2019-12-18 2019-12-30
2.1
None Local Low Not required Partial None None
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.
1868 CVE-2019-8541 2019-12-18 2019-12-30
2.1
None Local Low Not required Partial None None
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.
1869 CVE-2019-8537 200 +Info 2019-12-18 2020-02-10
2.1
None Local Low Not required Partial None None
An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.
1870 CVE-2019-8522 522 2019-12-18 2019-12-26
2.1
None Local Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
1871 CVE-2019-8520 125 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.
1872 CVE-2019-8519 125 2019-12-18 2019-12-26
2.1
None Local Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.
1873 CVE-2019-8510 125 2019-12-18 2019-12-22
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
1874 CVE-2019-8507 20 Mem. Corr. 2019-12-18 2019-12-20
2.1
None Local Low Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.
1875 CVE-2019-8504 665 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.
1876 CVE-2019-8453 426 DoS 2019-04-17 2019-04-23
2.1
None Local Low Not required None None Partial
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
1877 CVE-2019-8350 522 +Info 2019-05-13 2020-08-24
2.1
None Local Low Not required Partial None None
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.
1878 CVE-2019-8339 416 Bypass 2019-05-17 2019-05-28
2.1
None Local Low Not required None None Partial
An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine.
1879 CVE-2019-8282 346 2019-06-07 2020-10-22
2.6
None Remote High Not required None Partial None
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
1880 CVE-2019-7729 732 2019-02-22 2020-08-24
2.1
None Local Low Not required Partial None None
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)
1881 CVE-2019-7317 416 2019-02-04 2019-08-01
2.6
None Remote High Not required None None Partial
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
1882 CVE-2019-7309 2019-02-03 2020-08-24
2.1
None Local Low Not required None None Partial
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
1883 CVE-2019-7293 787 Mem. Corr. 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.
1884 CVE-2019-7289 22 Dir. Trav. 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.
1885 CVE-2019-7231 119 Overflow 2019-06-24 2019-10-09
2.7
None Local Network Low ??? None None Partial
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.
1886 CVE-2019-7222 +Info 2019-03-21 2020-08-24
2.1
None Local Low Not required Partial None None
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
1887 CVE-2019-7006 310 2019-02-27 2019-10-09
2.1
None Local Low Not required Partial None None
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.
1888 CVE-2019-6744 287 +Info 2020-02-10 2020-10-19
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381.
1889 CVE-2019-6670 312 2019-11-27 2019-12-12
2.1
None Local Low Not required Partial None None
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
1890 CVE-2019-6632 310 2019-07-03 2019-07-11
2.1
None Local Low Not required Partial None None
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
1891 CVE-2019-6601 269 2019-03-13 2020-08-24
2.1
None Local Low Not required Partial None None
In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.
1892 CVE-2019-6588 79 XSS 2019-06-03 2019-06-12
2.6
None Remote High Not required None Partial None
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
1893 CVE-2019-6567 522 2019-06-12 2021-02-09
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.
1894 CVE-2019-6501 125 2019-03-21 2019-08-06
2.1
None Local Low Not required None None Partial
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
1895 CVE-2019-6493 401 2019-04-11 2020-08-24
2.1
None Local Low Not required Partial None None
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.
1896 CVE-2019-6492 401 2019-03-21 2020-08-24
2.1
None Local Low Not required Partial None None
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.
1897 CVE-2019-6331 200 +Info 2020-01-09 2020-01-15
2.1
None Local Low Not required Partial None None
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.
1898 CVE-2019-6207 125 2019-12-18 2019-12-22
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
1899 CVE-2019-6195 269 Bypass 2020-02-14 2020-03-04
2.1
None Remote High ??? Partial None None
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
1900 CVE-2019-6192 120 DoS Overflow 2019-12-10 2019-12-18
2.1
None Local Low Not required None None Partial
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.