National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,454 matching records.
Displaying matches 621 through 640.
Vuln ID Summary CVSS Severity
CVE-2019-5263

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.

Published: November 29, 2019; 03:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-5232

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.

Published: November 29, 2019; 03:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-5227

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

Published: November 29, 2019; 03:15:11 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5225

P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.

Published: November 29, 2019; 03:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5224

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and information disclosure.

Published: November 29, 2019; 03:15:11 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5218

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.

Published: November 29, 2019; 03:15:11 PM -05:00
(not available)
CVE-2019-5212

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.

Published: November 29, 2019; 03:15:10 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5211

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.

Published: November 29, 2019; 03:15:10 PM -05:00
V3.1: 5.7 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5210

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

Published: November 29, 2019; 03:15:10 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.4 MEDIUM
CVE-2019-5226

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

Published: November 29, 2019; 02:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18922

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

Published: November 29, 2019; 02:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-16767

The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root)

Published: November 29, 2019; 01:15:11 PM -05:00
(not available)
CVE-2019-19378

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.

Published: November 29, 2019; 12:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-16766

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.

Published: November 29, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-19391

** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective.

Published: November 29, 2019; 11:15:10 AM -05:00
(not available)
CVE-2019-19377

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

Published: November 29, 2019; 11:15:10 AM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Published: November 29, 2019; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-14897

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.

Published: November 29, 2019; 10:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-14895

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

Published: November 29, 2019; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-14865

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Published: November 29, 2019; 05:15:12 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM