https://web.nvd.nist.gov/view/vuln/search This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database. 2019-10-05T20:00:33Z en-us This material is not copywritten and may be freely used, however, attribution is requested. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18636 CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. 2019-09-30T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14468 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). 2019-10-03T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14879 The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14880 The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14881 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14882 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16227 The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16228 The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16229 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16230 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16451 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16452 The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. 2019-10-03T16:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19592 The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. 2019-09-27T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9425 In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967 2019-09-27T19:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9581 In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111698366 2019-09-27T19:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10409 A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. 2019-09-25T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10432 Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those. 2019-10-01T14:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10433 Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-10-01T14:15:28Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10434 Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-10-01T14:15:30Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10435 Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. 2019-10-01T14:15:31Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10489 Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10492 Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10497 Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10498 Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10499 Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10501 Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10506 While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10507 Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10508 Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10509 Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10510 BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10538 Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24 2019-09-30T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10539 Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10540 Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11279 CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. 2019-09-26T22:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11733 When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11734 Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11735 Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11736 The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11737 If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11738 If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11739 Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11740 Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11741 A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11742 A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11743 Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11744 Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11746 A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11747 The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11748 WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11749 A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11750 A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11751 Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27T18:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11752 It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11753 The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27T18:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11754 When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1. 2019-09-27T18:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11755 A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1. 2019-09-27T18:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11927 An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100. 2019-09-27T21:15:09Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12646 A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-09-25T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12647 A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 2019-09-25T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12648 A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. 2019-09-25T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12649 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. 2019-09-25T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12652 A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12653 A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12654 A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12655 A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12656 A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12657 A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12658 A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. 2019-09-25T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12659 A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12660 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12661 A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12662 A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12669 A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12670 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12671 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. 2019-09-25T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12736 JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. 2019-10-02T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13123 Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). 2019-09-30T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13124 Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). 2019-09-30T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13466 Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The ?generate reports? archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available. 2019-09-30T18:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13467 Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files. 2019-09-30T19:15:08Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13523 In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. 2019-09-26T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13957 In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. 2019-10-02T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14454 SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. 2019-10-02T12:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14666 GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. 2019-09-25T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14752 SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. 2019-09-30T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14844 A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. 2019-09-26T12:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14952 JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. 2019-10-01T14:15:32Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14953 JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. 2019-10-01T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14956 JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. 2019-10-02T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14959 JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. 2019-10-02T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14961 JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. 2019-10-01T17:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15036 An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. 2019-10-02T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15037 An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. 2019-10-02T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15039 An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2018.2.5 and 2019.1. 2019-10-01T14:15:38Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15040 JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. 2019-10-02T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15067 An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. 2019-09-25T19:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15166 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. 2019-10-03T17:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15810 Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. 2019-09-30T17:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15862 An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. 2019-09-26T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15891 An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. 2019-09-26T21:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15940 Victure PC530 devices allow unauthenticated TELNET access as root. 2019-10-01T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15941 OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. 2019-09-25T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16171 In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. 2019-10-02T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16253 The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. 2019-09-25T23:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16276 Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. 2019-09-30T19:15:08Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16409 In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) 2019-09-26T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16414 A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. 2019-09-30T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16524 The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. 2019-09-26T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16676 Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. 2019-09-30T12:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16683 An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16684 An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16685 Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. 2019-09-27T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16686 Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. 2019-09-27T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16687 Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. 2019-09-27T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16688 Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) 2019-09-27T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16743 eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. 2019-09-30T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16744 eBrigade before 5.0 has evenements.php cid SQL Injection. 2019-09-30T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16745 eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. 2019-09-30T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16755 BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versions: 3.x to 18.x, all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02, all versions, service packs, and patches are affected by this vulnerability. 2019-09-26T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16889 Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. 2019-09-25T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16892 In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). 2019-09-25T22:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16910 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) 2019-09-26T13:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16920 Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. 2019-09-27T12:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16922 SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. 2019-09-27T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16924 The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock. 2019-09-27T18:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16925 Flower 0.9.3 has XSS via the name parameter in an @app.task call. 2019-09-28T00:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16926 Flower 0.9.3 has XSS via a crafted worker name. 2019-09-28T00:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16927 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. 2019-09-27T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16928 Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. 2019-09-27T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16930 Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party. 2019-09-28T22:15:09Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16932 A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16935 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. 2019-09-28T02:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16941 NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call). 2019-09-28T16:15:09Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16993 In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. 2019-09-30T12:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16994 In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. 2019-09-30T13:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16995 In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. 2019-09-30T13:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16996 In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. 2019-09-30T13:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16997 In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. 2019-09-30T13:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16999 CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. 2019-09-30T13:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17040 contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. 2019-09-30T14:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17045 Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. 2019-09-30T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17046 Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. 2019-09-30T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17049 NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. 2019-09-30T19:15:08Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17050 An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. 2019-09-30T19:15:08Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17051 Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. 2019-09-30T20:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17073 emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. 2019-10-01T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2055 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113164693 2019-09-27T19:15:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2059 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118386824 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2060 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112709994 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2061 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112610994 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2062 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117660045 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2063 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116019594 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2064 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116469592 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2065 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118143575 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2066 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100617 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2067 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116114402 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2068 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117099943 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2069 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117832864 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2070 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117883804 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2071 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117216549 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2072 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116117112 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2073 In libxaac there is a possible out of bounds write to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100484 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2074 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116617847 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2075 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115908308 2019-09-27T19:15:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2076 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115907334 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2077 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114745929 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2078 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114749542 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2079 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509210 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2080 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118619159 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2081 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116473261 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2082 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495103 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2083 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495362 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2084 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117494734 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2085 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117496180 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2086 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114735603 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2087 In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118149009 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2138 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118494320 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2139 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610049 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2140 In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705708 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2141 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705155 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2142 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112768568 2019-09-27T19:15:14Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2143 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114746174 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2144 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112856493 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2145 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112858430 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2146 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859714 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2147 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116474108 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2148 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113508105 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2149 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113262406 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2150 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117935831 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2151 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495174 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2152 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118145923 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2153 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611181 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2154 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610057 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2155 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117655547 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2156 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552816 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2157 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611363 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2158 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118766492 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2159 In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112707186 2019-09-27T19:15:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2160 In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112715795 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2161 In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112553431 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2162 In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112713720 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2163 In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118138797 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2164 In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113263695 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2165 In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112712154 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2166 In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661478 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2167 In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118615501 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2168 In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492594 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2169 In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492282 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2170 In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118615735 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2172 In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035224 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2188 In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112309571 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2189 In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112312381 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2190 In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-68771598 2019-09-27T19:15:16Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2191 In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-68770980 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2252 Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2284 Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2294 Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2333 Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2341 Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3736 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user. 2019-09-27T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3746 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. 2019-09-27T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3747 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. 2019-09-27T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3766 Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. 2019-09-27T21:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4106 IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4109 IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4112 IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4115 IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4246 IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. 2019-10-01T15:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4280 IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4304 IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4305 IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4422 IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. 2019-10-03T14:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4423 IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. 2019-09-30T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4441 IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. 2019-10-03T14:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4494 IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115. 2019-10-01T15:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4495 IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116. 2019-10-01T15:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4497 IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118. 2019-10-01T15:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4520 IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. 2019-10-02T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4538 IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660. 2019-10-02T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4539 IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812. 2019-10-02T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4542 IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. 2019-10-02T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4549 IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. 2019-10-02T15:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6161 An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. 2019-09-26T16:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6649 F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. 2019-09-20T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6656 BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. 2019-09-25T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8072 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8073 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. 2019-09-27T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8074 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. 2019-09-27T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8075 Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27T16:15:10Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8288 Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. 2019-10-01T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8289 Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable 2019-10-01T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8290 Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected. 2019-10-01T20:15:11Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9232 In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9233 In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9234 In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9235 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9236 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122322613 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9237 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121325979 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9238 In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121267042 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9239 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9240 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121150966 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9241 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121036603 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9242 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121035878 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9243 In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9244 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9247 In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9249 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120255805 2019-09-27T19:15:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9250 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120276962 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9251 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120274615 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9252 In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73339042 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9253 In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9256 In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111921829 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9257 In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113572342 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9258 In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9259 In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113575306 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9260 In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113495295 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9261 In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774214 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9262 In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9264 In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774502 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9265 In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37994606 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9266 In sensorservice, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-119501435 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9268 In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77474014 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9269 In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36899497 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9272 In WiFi, there is a possible leak of WiFi state due to a permissions bypass. This could lead to a local information disclosure which could be used to determine device location with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-11596047 2019-09-27T19:15:18Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9277 In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9278 In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9279 In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9281 In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-32748076 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9282 In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9283 In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663564 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9284 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111850706 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9285 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215315 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9286 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111213909 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9287 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-78287084 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9288 In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111363077 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9289 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79883824 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9290 In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113039724 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9291 In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9292 In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9293 In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661116 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9294 In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764444 2019-09-27T19:15:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9295 In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to a to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36885811 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9296 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112162089 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9297 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890242 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9298 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112892194 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9299 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663886 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9300 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661610 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9301 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663384 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9302 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661356 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9303 In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9304 In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662270 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9305 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661835 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9306 In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9307 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661893 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9308 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661742 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9309 In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117985575 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9310 In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112891546 2019-09-27T19:15:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9311 In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9313 In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9314 In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9315 In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9316 In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052432 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9317 In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9318 In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9319 In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762100 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9320 In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9321 In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111208713 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9322 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111128067 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9323 In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9325 In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9326 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215173 2019-09-27T19:15:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9327 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112050583 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9328 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111895000 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9329 In Bluetooth, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112917952 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9330 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214739 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9331 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112272279 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9332 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-78286500 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9333 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109753657 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9334 In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859934 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9335 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112328051 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9336 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326322 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9337 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112204376 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9338 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762686 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9341 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214770 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9342 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214470 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9343 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112050983 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9344 In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120845341 2019-09-27T19:15:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9346 In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128433933 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9347 In the m4v_h263 codec, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109891727 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9348 In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128431761 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9349 In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124330204 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9350 In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9351 In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599864 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9352 In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124253062 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9353 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123024201 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9354 In NFC server, there's a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118148142 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9355 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115903122 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9357 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662995 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9358 In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120156401 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9359 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111407302 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9360 In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663 2019-09-27T19:15:23Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9361 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762807 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9362 In libSACdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426980 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9363 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123584306 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9364 In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73364631 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9365 In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838537 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9366 In libSBRdec there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052062 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9367 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112106425 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9368 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79883568 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9369 In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79995407 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9370 In sonivox, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-133880046 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9371 In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9372 In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9373 In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-130173029 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9374 In CompanionDeviceManager, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129476618 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9375 In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244 2019-09-27T19:15:24Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9376 In the Accounts package, there is a possible crash due to improper input validation. This could lead to permanent local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129287265 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9378 In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124539196 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9379 In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124329638 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9380 In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123700098 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9381 In netd, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122677612 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9382 In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120874654 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9383 In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120843827 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9384 In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120568007 2019-09-27T19:15:25Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9385 In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120452956 2019-09-27T19:15:25Z