Export limit exceeded: 348219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25209 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25209 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14010 | 1 Qualcomm | 22 Mdm9607, Mdm9607 Firmware, Nicobar and 19 more | 2024-11-21 | 7.5 High |
| The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | ||||
| CVE-2019-14007 | 1 Qualcomm | 98 Apq8009, Apq8009 Firmware, Apq8017 and 95 more | 2024-11-21 | 5.5 Medium |
| Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | ||||
| CVE-2019-13932 | 1 Siemens | 1 Xhq | 2024-11-21 | 9.1 Critical |
| A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-13917 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-11-21 | N/A |
| Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | ||||
| CVE-2019-13750 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 6.5 Medium |
| Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | ||||
| CVE-2019-13744 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13737 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2019-13707 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-11-21 | 5.5 Medium |
| Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. | ||||
| CVE-2019-13697 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13692 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||||
| CVE-2019-13684 | 1 Google | 1 Chrome | 2024-11-21 | 5.3 Medium |
| Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13675 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. | ||||
| CVE-2019-13666 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13629 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | 5.9 Medium |
| MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. | ||||
| CVE-2019-13628 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 4.7 Medium |
| wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. | ||||
| CVE-2019-13627 | 5 Canonical, Debian, Libgcrypt20 Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libgcrypt20 and 2 more | 2024-11-21 | 6.3 Medium |
| It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | ||||
| CVE-2019-13612 | 1 Altn | 1 Mdaemon Email Server | 2024-11-21 | N/A |
| MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious e-mail, if a customer deploys a server with sufficient resources to scan large messages. | ||||
| CVE-2019-13599 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.3 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | ||||
| CVE-2019-13557 | 1 Philips | 2 Tasy Emr, Tasy Webportal | 2024-11-21 | 5.3 Medium |
| In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | ||||
| CVE-2019-13541 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 7.8 High |
| In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. | ||||