Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-5224 |
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and information disclosure. Published: November 29, 2019; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-5218 |
There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band. Published: November 29, 2019; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 5.8 MEDIUM |
CVE-2019-5212 |
There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure. Published: November 29, 2019; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-5211 |
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted. Published: November 29, 2019; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.7 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-5210 |
Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. Published: November 29, 2019; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2019-5226 |
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Published: November 29, 2019; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-18922 |
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. Published: November 29, 2019; 2:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-16767 |
The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root) Published: November 29, 2019; 1:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2019-19378 |
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. Published: November 29, 2019; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-16766 |
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0. Published: November 29, 2019; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 4.0 MEDIUM |
CVE-2019-19391 |
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective Published: November 29, 2019; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2019-19377 |
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. Published: November 29, 2019; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14901 |
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. Published: November 29, 2019; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-14897 |
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. Published: November 29, 2019; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-14895 |
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. Published: November 29, 2019; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-14865 |
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. Published: November 29, 2019; 5:15:12 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-19388 |
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. Published: November 28, 2019; 7:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19387 |
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. Published: November 28, 2019; 7:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19386 |
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. Published: November 28, 2019; 7:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19385 |
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. Published: November 28, 2019; 7:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |