ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-9002 | An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.p... | E S | |
CVE-2019-9003 | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-a... | S | |
CVE-2019-9004 | In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M... | E S | |
CVE-2019-9005 | The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.... | E | |
CVE-2019-9008 | An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can tak... | | |
CVE-2019-9009 | An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Cont... | M | |
CVE-2019-9010 | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly veri... | | |
CVE-2019-9011 | In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker ca... | | |
CVE-2019-9012 | An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause u... | | |
CVE-2019-9013 | An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based e... | | |
CVE-2019-9015 | A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of u... | E | |
CVE-2019-9016 | An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allow... | E | |
CVE-2019-9017 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the ... | E | |
CVE-2019-9019 | The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other airc... | E | |
CVE-2019-9020 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo... | E S | |
CVE-2019-9021 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo... | E S | |
CVE-2019-9022 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_g... | E | |
CVE-2019-9023 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo... | E S | |
CVE-2019-9024 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo... | E S | |
CVE-2019-9025 | An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argume... | E S | |
CVE-2019-9026 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-ba... | E | |
CVE-2019-9027 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-ba... | E | |
CVE-2019-9028 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-b... | E | |
CVE-2019-9029 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of... | E | |
CVE-2019-9030 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-b... | E | |
CVE-2019-9031 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL po... | E | |
CVE-2019-9032 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of... | E | |
CVE-2019-9033 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-b... | E | |
CVE-2019-9034 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-b... | E | |
CVE-2019-9035 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-b... | E | |
CVE-2019-9036 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-ba... | E | |
CVE-2019-9037 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer ... | E | |
CVE-2019-9038 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of... | E | |
CVE-2019-9039 | In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was a... | E | |
CVE-2019-9040 | S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&ac... | | |
CVE-2019-9041 | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel... | E | |
CVE-2019-9042 | An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can uplo... | E | |
CVE-2019-9047 | GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.... | E | |
CVE-2019-9048 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (... | E | |
CVE-2019-9049 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules v... | E | |
CVE-2019-9050 | An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by u... | E | |
CVE-2019-9051 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles ... | E | |
CVE-2019-9052 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures ... | E | |
CVE-2019-9053 | An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a cra... | E | |
CVE-2019-9055 | An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.a... | | |
CVE-2019-9056 | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.Fro... | | |
CVE-2019-9057 | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach ... | | |
CVE-2019-9058 | An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.ph... | | |
CVE-2019-9059 | An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to ... | | |
CVE-2019-9060 | An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path tra... | | |
CVE-2019-9061 | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.in... | | |
CVE-2019-9062 | PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account... | E | |
CVE-2019-9063 | PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.... | E | |
CVE-2019-9064 | PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a ... | E | |
CVE-2019-9065 | PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amo... | E | |
CVE-2019-9066 | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.... | E | |
CVE-2019-9070 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based bu... | E S | |
CVE-2019-9071 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consump... | E S | |
CVE-2019-9072 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
CVE-2019-9073 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
CVE-2019-9074 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
CVE-2019-9075 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
CVE-2019-9076 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
CVE-2019-9077 | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_spe... | E S | |
CVE-2019-9078 | zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does ... | E | |
CVE-2019-9080 | DomainMOD before 4.14.0 uses MD5 without a salt for password storage.... | | |
CVE-2019-9081 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-9082 | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command E... | KEV E | |
CVE-2019-9083 | SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NO... | E | |
CVE-2019-9084 | In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (ak... | E | |
CVE-2019-9085 | Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-cre... | E | |
CVE-2019-9086 | HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.... | E | |
CVE-2019-9087 | HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.... | E | |
CVE-2019-9093 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.... | | |
CVE-2019-9094 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Hum... | | |
CVE-2019-9095 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9096 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9097 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9098 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9099 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9101 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9102 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9103 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9104 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device... | | |
CVE-2019-9105 | The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices al... | E | |
CVE-2019-9106 | The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices al... | E | |
CVE-2019-9107 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe... | E | |
CVE-2019-9108 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app... | E | |
CVE-2019-9109 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/ap... | E | |
CVE-2019-9110 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coref... | E | |
CVE-2019-9111 | The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11... | | |
CVE-2019-9112 | The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11... | | |
CVE-2019-9113 | Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile... | E | |
CVE-2019-9114 | Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the... | E | |
CVE-2019-9115 | In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of ... | | |
CVE-2019-9116 | DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms bec... | E | |
CVE-2019-9117 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This... | E | |
CVE-2019-9118 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This... | E | |
CVE-2019-9119 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This... | E | |
CVE-2019-9120 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This... | E | |
CVE-2019-9121 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This... | | |
CVE-2019-9122 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute... | E | |
CVE-2019-9123 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank passwor... | E | |
CVE-2019-9124 | An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in... | E | |
CVE-2019-9125 | An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a st... | E | |
CVE-2019-9126 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vul... | E | |
CVE-2019-9132 | Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially craf... | | |
CVE-2019-9133 | KMPlayer Subtitles parser Heap Overflow Vulnerability | | |
CVE-2019-9134 | Architectural Information System 1.0 and earlier versions have a Stack-based buffer overflow, allows... | | |
CVE-2019-9135 | DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the ... | | |
CVE-2019-9136 | DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the ... | | |
CVE-2019-9137 | DaviewIndy 8.98.7 and earlier versions have an Integer overflow vulnerability, triggered when the use... | | |
CVE-2019-9138 | DaviewIndy 8.98.7 and earlier versions have an Integer overflow vulnerability, triggered when the use... | | |
CVE-2019-9139 | DaviewIndy 8.98.7 and earlier versions have an Integer overflow vulnerability, triggered when the use... | | |
CVE-2019-9140 | Happypoint mobile application information disclosure vulnerability | | |
CVE-2019-9141 | Zoneplayer ActiveX Remote Code Execution vulnerability | | |
CVE-2019-9142 | An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and ... | S | |
CVE-2019-9143 | An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructu... | E | |
CVE-2019-9144 | An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the ... | E | |
CVE-2019-9145 | An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /boo... | E | |
CVE-2019-9146 | Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the... | E | |
CVE-2019-9147 | Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the s... | | |
CVE-2019-9148 | Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows import... | E | |
CVE-2019-9149 | Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API.... | E | |
CVE-2019-9150 | Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page.... | | |
CVE-2019-9151 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the functi... | E | |
CVE-2019-9152 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the functi... | E | |
CVE-2019-9153 | Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge... | E S | |
CVE-2019-9154 | Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass ... | E S | |
CVE-2019-9155 | A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages a... | E S | |
CVE-2019-9156 | Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.... | E | |
CVE-2019-9157 | Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.... | | |
CVE-2019-9158 | Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.... | E | |
CVE-2019-9160 | WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowi... | | |
CVE-2019-9161 | WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution i... | | |
CVE-2019-9162 | In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT modu... | E S | |
CVE-2019-9163 | The connection initiation process in March Networks Command Client before 2.7.2 allows remote attack... | | |
CVE-2019-9164 | Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remo... | E | |
CVE-2019-9165 | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL com... | E | |
CVE-2019-9166 | Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root... | | |
CVE-2019-9167 | Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbit... | E | |
CVE-2019-9168 | WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.... | S | |
CVE-2019-9169 | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a h... | E S | |
CVE-2019-9170 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9171 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9172 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9174 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9175 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9176 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9177 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-9178 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9179 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9181 | SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a... | E | |
CVE-2019-9182 | There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP... | E | |
CVE-2019-9183 | An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is pres... | S | |
CVE-2019-9184 | SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attacke... | E S | |
CVE-2019-9185 | Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attacke... | E S | |
CVE-2019-9186 | In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default settin... | | |
CVE-2019-9187 | ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate ... | | |
CVE-2019-9189 | Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary ... | | |
CVE-2019-9191 | The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-s... | | |
CVE-2019-9192 | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec... | E | |
CVE-2019-9193 | In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in t... | E | |
CVE-2019-9194 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.... | E S | |
CVE-2019-9195 | util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary ... | E S | |
CVE-2019-9196 | The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biomet... | E | |
CVE-2019-9197 | The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute ar... | S | |
CVE-2019-9199 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer d... | E | |
CVE-2019-9200 | A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74... | E | |
CVE-2019-9201 | Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and o... | E | |
CVE-2019-9202 | Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code... | E | |
CVE-2019-9203 | Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in ... | E | |
CVE-2019-9204 | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to e... | E | |
CVE-2019-9206 | PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter... | E | |
CVE-2019-9207 | PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This pro... | | |
CVE-2019-9208 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed ... | E | |
CVE-2019-9209 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. T... | E S | |
CVE-2019-9210 | In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an ... | E | |
CVE-2019-9211 | There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-... | E | |
CVE-2019-9212 | SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted seria... | S | |
CVE-2019-9213 | In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum... | E S | |
CVE-2019-9214 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed... | | |
CVE-2019-9215 | In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizat... | | |
CVE-2019-9217 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9218 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9219 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9220 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9221 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9222 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9223 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9224 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9225 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | E | |
CVE-2019-9226 | An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remo... | E | |
CVE-2019-9227 | An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to... | E | |
CVE-2019-9228 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices ... | | |
CVE-2019-9229 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices ... | | |
CVE-2019-9230 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices ... | | |
CVE-2019-9231 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices ... | | |
CVE-2019-9232 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to ... | | |
CVE-2019-9233 | In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This c... | | |
CVE-2019-9234 | In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This coul... | | |
CVE-2019-9235 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9236 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9237 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9238 | In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2019-9239 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9240 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9241 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9242 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9243 | In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This coul... | | |
CVE-2019-9244 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9245 | In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bou... | | |
CVE-2019-9246 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9247 | In AAC Codec, there is a missing variable initialization. This could lead to remote information disc... | | |
CVE-2019-9248 | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write d... | | |
CVE-2019-9249 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9250 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9251 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9252 | In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remot... | | |
CVE-2019-9253 | In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due t... | | |
CVE-2019-9254 | In readArgumentList of zygote.java in Android 10, there is a possible command injection due to impro... | | |
CVE-2019-9256 | In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could ... | | |
CVE-2019-9257 | In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9258 | In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead ... | | |
CVE-2019-9259 | In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could ... | | |
CVE-2019-9260 | In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could le... | | |
CVE-2019-9261 | In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to in... | | |
CVE-2019-9262 | In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could le... | | |
CVE-2019-9263 | In telephony, there is a possible bypass of user interaction requirements due to missing permission ... | | |
CVE-2019-9264 | In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to in... | | |
CVE-2019-9265 | In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could le... | | |
CVE-2019-9266 | In sensorservice, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2019-9268 | In libstagefright, there is a possible use-after-free due to improper locking. This could lead to lo... | | |
CVE-2019-9269 | In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could... | | |
CVE-2019-9270 | In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to... | | |
CVE-2019-9271 | In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This ... | | |
CVE-2019-9272 | In WiFi, there is a possible leak of WiFi state due to a permissions bypass. This could lead to a lo... | | |
CVE-2019-9273 | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free... | | |
CVE-2019-9274 | In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bou... | | |
CVE-2019-9275 | In the Android kernel in the mnh driver there is a use after free due to improper locking. This coul... | | |
CVE-2019-9276 | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds ... | | |
CVE-2019-9277 | In the proc filesystem, there is a possible information disclosure due to log information disclosure... | | |
CVE-2019-9278 | In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to r... | S | |
CVE-2019-9279 | In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference... | | |
CVE-2019-9280 | In keyguard, there is a possible escalation of privilege due to improper permission checks. This cou... | | |
CVE-2019-9281 | In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization.... | | |
CVE-2019-9282 | In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to re... | | |
CVE-2019-9283 | In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could l... | | |
CVE-2019-9284 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9285 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9286 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9287 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9288 | In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This co... | | |
CVE-2019-9289 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9290 | In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation ... | | |
CVE-2019-9291 | In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This c... | | |
CVE-2019-9292 | In the Activity Manager service, there is a possible information disclosure due to a confused deputy... | | |
CVE-2019-9293 | In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could ... | | |
CVE-2019-9294 | In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could ... | | |
CVE-2019-9295 | In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missin... | | |
CVE-2019-9296 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc... | | |
CVE-2019-9297 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9298 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9299 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9300 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9301 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9302 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9303 | In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to re... | | |
CVE-2019-9304 | In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead... | | |
CVE-2019-9305 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9306 | In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead... | | |
CVE-2019-9307 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9308 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9309 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a ... | | |
CVE-2019-9310 | In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to re... | | |
CVE-2019-9311 | In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial... | | |
CVE-2019-9312 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9313 | In libstagefright, there is a missing variable initialization. This could lead to remote information... | | |
CVE-2019-9314 | In libavc, there is a missing variable initialization. This could lead to remote information disclos... | | |
CVE-2019-9315 | In libhevc, there is a missing variable initialization. This could lead to remote information disclo... | | |
CVE-2019-9316 | In libstagefright, there is a missing variable initialization. This could lead to remote information... | | |
CVE-2019-9317 | In libstagefright, there is a missing variable initialization. This could lead to remote information... | | |
CVE-2019-9318 | In libhevc, there is a missing variable initialization. This could lead to remote information disclo... | | |
CVE-2019-9319 | In libavc, there is a missing variable initialization. This could lead to remote information disclos... | | |
CVE-2019-9320 | In libavc, there is a missing variable initialization. This could lead to remote information disclos... | | |
CVE-2019-9321 | In libavc, there is a missing variable initialization. This could lead to remote information disclos... | | |
CVE-2019-9322 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9323 | In the Wallpaper Manager service, there is a possible information disclosure due to a missing permis... | | |
CVE-2019-9325 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to ... | | |
CVE-2019-9326 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9327 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9328 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9329 | In Bluetooth, there is a possible out of bounds read due to uninitialized data. This could lead to r... | | |
CVE-2019-9330 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9331 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9332 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9333 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9334 | In libhevc there is a possible information disclosure due to uninitialized data. This could lead to ... | | |
CVE-2019-9335 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9336 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9337 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9338 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9341 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9342 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9343 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9344 | In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead... | | |
CVE-2019-9345 | In the Android kernel in sdcardfs there is a possible violation of the separation of data between pr... | | |
CVE-2019-9346 | In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could... | | |
CVE-2019-9347 | In the m4v_h263 codec, there is a possible out of bounds read due to a use after free. This could le... | | |
CVE-2019-9348 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This co... | | |
CVE-2019-9349 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This co... | | |
CVE-2019-9350 | In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation o... | | |
CVE-2019-9351 | In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user... | | |
CVE-2019-9352 | In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could... | | |
CVE-2019-9353 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9354 | In NFC server, there's a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9355 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9356 | In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead... | | |
CVE-2019-9357 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9358 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a ... | | |
CVE-2019-9359 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9360 | In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to ... | | |
CVE-2019-9361 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9362 | In libSACdec, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9363 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead... | | |
CVE-2019-9364 | In AudioService, there is a possible trigger of background user audio due to a permissions bypass. T... | | |
CVE-2019-9365 | In Bluetooth, there is a possible deserialization error due to missing string validation. This could... | | |
CVE-2019-9366 | In libSBRdec there is a possible out of bounds read due to a missing bounds check. This could lead t... | | |
CVE-2019-9367 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9368 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9369 | In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclos... | | |
CVE-2019-9370 | In sonivox, there is a possible out of bounds read due to an incorrect bounds check. This could lead... | | |
CVE-2019-9371 | In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead... | | |
CVE-2019-9372 | In libskia, there is a possible crash due to a missing null check. This could lead to remote denial ... | | |
CVE-2019-9373 | In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attri... | | |
CVE-2019-9374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-9375 | In hostapd, there is a possible out of bounds write due to a race condition. This could lead to loca... | | |
CVE-2019-9376 | In Account of Account.java, there is a possible boot loop due to improper input validation. This cou... | | |
CVE-2019-9377 | In FingerprintService, there is a possible bypass for operating system protections that isolate user... | | |
CVE-2019-9378 | In the Activity Manager service, there is a possible permission bypass due to incorrect permission c... | | |
CVE-2019-9379 | In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could... | | |
CVE-2019-9380 | In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. Th... | | |
CVE-2019-9381 | In netd, there is a possible out of bounds read due to a use after free. This could lead to remote i... | | |
CVE-2019-9382 | In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lea... | | |
CVE-2019-9383 | In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead... | | |
CVE-2019-9384 | In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions chec... | | |
CVE-2019-9385 | In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to... | | |
CVE-2019-9386 | In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lea... | | |
CVE-2019-9387 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9388 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9389 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9390 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9391 | In libxaac, there is a possible out of bounds read due to uninitialized data. This could lead to inf... | | |
CVE-2019-9393 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9394 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9395 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9396 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9397 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9398 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9399 | The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This co... | | |
CVE-2019-9400 | In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could l... | | |
CVE-2019-9401 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9402 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9403 | In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remot... | | |
CVE-2019-9404 | In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lea... | | |
CVE-2019-9405 | In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
CVE-2019-9406 | In libhevc there is a possible information disclosure due to uninitialized data. This could lead to ... | | |
CVE-2019-9407 | In notification management of the service manager, there is a possible permissions bypass. This coul... | | |
CVE-2019-9408 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9409 | In libhevc there is a possible information disclosure due to uninitialized data. This could lead to ... | | |
CVE-2019-9410 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9411 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to r... | | |
CVE-2019-9412 | In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead t... | | |
CVE-2019-9413 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9414 | In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validat... | | |
CVE-2019-9415 | In libstagefright there is a possible information disclosure due to uninitialized data. This could l... | | |
CVE-2019-9416 | In libstagefright there is a possible information disclosure due to uninitialized data. This could l... | | |
CVE-2019-9417 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9418 | In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could... | | |
CVE-2019-9419 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9420 | In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to re... | | |
CVE-2019-9421 | In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local i... | | |
CVE-2019-9422 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9423 | In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds che... | | |
CVE-2019-9424 | In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In cert... | | |
CVE-2019-9425 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9426 | In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds c... | | |
CVE-2019-9427 | In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to... | | |
CVE-2019-9428 | In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could ... | | |
CVE-2019-9429 | In profman, there is a possible out of bounds write due to memory corruption. This could lead to loc... | | |
CVE-2019-9430 | In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could l... | | |
CVE-2019-9431 | In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to rem... | | |
CVE-2019-9432 | In Bluetooth, there is a possible out of bounds read due to improper input validation. This could le... | | |
CVE-2019-9433 | In libvpx, there is a possible information disclosure due to improper input validation. This could l... | | |
CVE-2019-9434 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9435 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9436 | In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to l... | | |
CVE-2019-9438 | In the Package Manager service, there is a possible information disclosure due to a confused deputy.... | | |
CVE-2019-9440 | In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead ... | | |
CVE-2019-9441 | In the Android kernel in the mnh driver there is a possible out of bounds write due to improper inpu... | | |
CVE-2019-9442 | In the Android kernel in the mnh driver there is possible memory corruption due to a use after free.... | | |
CVE-2019-9443 | In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissi... | | |
CVE-2019-9444 | In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of pri... | | |
CVE-2019-9445 | In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds ... | | |
CVE-2019-9446 | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write d... | | |
CVE-2019-9447 | In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to... | | |
CVE-2019-9448 | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write d... | | |
CVE-2019-9449 | In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to... | | |
CVE-2019-9450 | In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due... | S | |
CVE-2019-9451 | In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a mis... | | |
CVE-2019-9452 | In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing... | S | |
CVE-2019-9453 | In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper in... | S | |
CVE-2019-9454 | In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption... | S | |
CVE-2019-9455 | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement.... | | |
CVE-2019-9456 | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing b... | S | |
CVE-2019-9457 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14634. Reason: This candidat... | R | |
CVE-2019-9458 | In the Android kernel in the video driver there is a use after free due to a race condition. This co... | S | |
CVE-2019-9459 | In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remot... | | |
CVE-2019-9460 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-9461 | In the Android kernel in VPN routing there is a possible information disclosure. This could lead to ... | E | |
CVE-2019-9462 | In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could le... | | |
CVE-2019-9463 | In Platform, there is a possible bypass of user interaction requirements due to background app inter... | | |
CVE-2019-9464 | In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionSer... | S | |
CVE-2019-9465 | In the Titan M handling of cryptographic operations, there is a possible information disclosure due ... | | |
CVE-2019-9466 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9503. Reason: This candidate... | R | |
CVE-2019-9467 | In the Bootloader, there is a possible kernel command injection due to missing command sanitization.... | | |
CVE-2019-9468 | In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This ... | | |
CVE-2019-9469 | In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input va... | | |
CVE-2019-9470 | In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds che... | | |
CVE-2019-9471 | In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds ... | | |
CVE-2019-9472 | In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. Thi... | | |
CVE-2019-9473 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9474 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ... | | |
CVE-2019-9475 | In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions byp... | | |
CVE-2019-9482 | In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Expl... | S | |
CVE-2019-9483 | Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and ... | | |
CVE-2019-9484 | The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remot... | | |
CVE-2019-9485 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.... | | |
CVE-2019-9486 | STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnera... | E | |
CVE-2019-9488 | Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to ... | S | |
CVE-2019-9489 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and ... | S | |
CVE-2019-9490 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow ... | | |
CVE-2019-9491 | Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may ... | E | |
CVE-2019-9492 | A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authentica... | S | |
CVE-2019-9493 | MyCar Controls uses hard-coded credentials | | |
CVE-2019-9494 | The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks | S | |
CVE-2019-9495 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns | S | |
CVE-2019-9496 | An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps | S | |
CVE-2019-9497 | The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit | S | |
CVE-2019-9498 | The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit | S | |
CVE-2019-9499 | The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit | S | |
CVE-2019-9500 | Broadcom brcmfmac driver is vulnerable to a heap buffer overflow | E S | |
CVE-2019-9501 | Broadcom wl driver is vulnerable to heap buffer overflow | E | |
CVE-2019-9502 | Broadcom wl driver is vulnerable to heap buffer overflow | | |
CVE-2019-9503 | Broadcom brcmfmac driver is vulnerable to a frame validation bypass | S | |
CVE-2019-9505 | PrinterLogic Print Management Software does not sanitize special characters | | |
CVE-2019-9506 | Bluetooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation | M | |
CVE-2019-9507 | The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution | S | |
CVE-2019-9508 | Vertiv Avocent UMG-4000 version 4.2.1.19 web interface is vulnerable to stored cross site scripting | S | |
CVE-2019-9509 | The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting | S | |
CVE-2019-9510 | Microsoft Windows RDP can bypass the Windows lock screen | S | |
CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service | S | |
CVE-2019-9512 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service | | |
CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service | | |
CVE-2019-9514 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service | | |
CVE-2019-9515 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service | | |
CVE-2019-9516 | Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service | | |
CVE-2019-9517 | Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service | S | |
CVE-2019-9518 | Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service | | |
CVE-2019-9529 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default | | |
CVE-2019-9530 | The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files | | |
CVE-2019-9531 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands | | |
CVE-2019-9532 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext | | |
CVE-2019-9533 | The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08 | | |
CVE-2019-9534 | The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image | | |
CVE-2019-9535 | iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution | E M | |
CVE-2019-9536 | Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate me... | E | |
CVE-2019-9537 | Telos Automated Message Handling System reflected XSS in uploaditem.asp | | |
CVE-2019-9538 | Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter | | |
CVE-2019-9539 | Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp | | |
CVE-2019-9540 | Telos Automated Message Handling System reflected XSS in prefs.asp | | |
CVE-2019-9541 | Telos Automated Message Handling System information disclosure in itemlookup.asp | | |
CVE-2019-9542 | Telos Automated Message Handling System reflected XSS in itemlookup.asp | | |
CVE-2019-9543 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBit... | E | |
CVE-2019-9544 | An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP... | E | |
CVE-2019-9545 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion... | E | |
CVE-2019-9546 | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ se... | | |
CVE-2019-9547 | In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual ... | | |
CVE-2019-9548 | Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.... | M | |
CVE-2019-9549 | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=add... | E | |
CVE-2019-9550 | DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS.... | E | |
CVE-2019-9551 | An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS.... | E | |
CVE-2019-9552 | Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/... | E | |
CVE-2019-9553 | Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to... | E | |
CVE-2019-9554 | In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when a... | E | |
CVE-2019-9555 | Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that i... | M | |
CVE-2019-9556 | FiberHome an5506-04-f RP2669 devices have XSS.... | E | |
CVE-2019-9557 | Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exp... | E | |
CVE-2019-9558 | Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-... | E | |
CVE-2019-9563 | In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandle... | S | |
CVE-2019-9564 | Authentication bypass in Wyze Cam Pan v2, Cam v2 and Cam v3 | S | |
CVE-2019-9565 | Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote ... | E | |
CVE-2019-9566 | FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request.... | E | |
CVE-2019-9567 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a cus... | E | |
CVE-2019-9568 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection... | E | |
CVE-2019-9569 | Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthe... | E | |
CVE-2019-9570 | An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_ma... | E | |
CVE-2019-9572 | SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme... | E | |
CVE-2019-9573 | The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.... | | |
CVE-2019-9574 | The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modi... | | |
CVE-2019-9575 | The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_result... | E | |
CVE-2019-9576 | The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XS... | E | |
CVE-2019-9578 | In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitializ... | S | |
CVE-2019-9579 | An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The S... | S | |
CVE-2019-9580 | In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the C... | | |
CVE-2019-9581 | phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to ... | E S | |
CVE-2019-9582 | eQ-3 Homematic CCU2 outdated base software packages allow Denial of Service. CCU2 affected versions... | E | |
CVE-2019-9583 | eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and i... | E | |
CVE-2019-9584 | eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in th... | E | |
CVE-2019-9585 | eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control ... | E | |
CVE-2019-9587 | There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be trig... | E | |
CVE-2019-9588 | There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be ... | E | |
CVE-2019-9589 | There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutp... | E | |
CVE-2019-9590 | An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a... | E | |
CVE-2019-9591 | A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 ... | E | |
CVE-2019-9592 | A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows ... | E | |
CVE-2019-9593 | A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows ... | E | |
CVE-2019-9594 | BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit req... | E | |
CVE-2019-9595 | AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter.... | E | |
CVE-2019-9596 | Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.... | E | |
CVE-2019-9597 | Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.... | E | |
CVE-2019-9598 | An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change... | E | |
CVE-2019-9599 | The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of se... | E | |
CVE-2019-9600 | The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allo... | E | |
CVE-2019-9601 | The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of... | E | |
CVE-2019-9603 | MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vul... | E | |
CVE-2019-9604 | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for... | E | |
CVE-2019-9605 | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) ... | E | |
CVE-2019-9606 | PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feat... | E | |
CVE-2019-9607 | PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent direct... | E | |
CVE-2019-9608 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because b... | E | |
CVE-2019-9609 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because b... | E | |
CVE-2019-9610 | An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=... | E | |
CVE-2019-9611 | An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_pa... | E | |
CVE-2019-9612 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because b... | E | |
CVE-2019-9613 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because b... | E | |
CVE-2019-9614 | An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a templa... | E | |
CVE-2019-9615 | An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injec... | E | |
CVE-2019-9616 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because b... | E | |
CVE-2019-9617 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because b... | E | |
CVE-2019-9618 | The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" param... | E | |
CVE-2019-9619 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-9621 | Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.1... | E | |
CVE-2019-9622 | eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php ... | E | |
CVE-2019-9623 | Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via " |