National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,127 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2019-0145

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Published: November 14, 2019; 02:15:12 PM -05:00
(not available)
CVE-2019-0144

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

Published: November 14, 2019; 02:15:12 PM -05:00
(not available)
CVE-2019-0143

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

Published: November 14, 2019; 02:15:12 PM -05:00
(not available)
CVE-2019-0142

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Published: November 14, 2019; 02:15:11 PM -05:00
(not available)
CVE-2019-0140

Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.

Published: November 14, 2019; 02:15:11 PM -05:00
(not available)
CVE-2019-0139

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.

Published: November 14, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-4109

An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.

Published: November 14, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-3072

An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.

Published: November 14, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-3070

An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.

Published: November 14, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-3073

A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.

Published: November 14, 2019; 01:15:11 PM -05:00
(not available)
CVE-2019-16110

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15744

The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15743

The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15475

The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15474

The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15473

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15472

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15471

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15470

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)
CVE-2019-15469

The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage.

Published: November 14, 2019; 12:15:24 PM -05:00
(not available)