|
219921
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions pri…
|
CWE-416
Use After Free
|
CVE-2019-2393
|
2024-11-21 13:40 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219922
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-2392
|
2024-11-21 13:40 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219923
|
7.8 |
HIGH
Local
|
google
|
android
|
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional executi…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2019-2194
|
2024-11-21 13:40 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219924
|
5.3 |
MEDIUM
Network
|
mongodb
|
ops_manager
|
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc.…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-2388
|
2024-11-21 13:40 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219925
|
5.5 |
MEDIUM
Local
|
google
|
android
|
There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User int…
|
NVD-CWE-noinfo
|
CVE-2019-2056
|
2024-11-21 13:40 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219926
|
5.4 |
MEDIUM
Network
|
mongodb
|
js-bson
|
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB In…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-2391
|
2024-11-21 13:40 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219927
|
7.3 |
HIGH
Local
|
google
|
android
|
In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlayin…
|
CWE-20
Improper Input Validation
|
CVE-2019-2216
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219928
|
7.8 |
HIGH
Local
|
google
|
android
|
In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-2089
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219929
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-2088
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219930
|
6.5 |
MEDIUM
Network
|
google
|
android
|
In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation.Pro…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-2058
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
