|
225041
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-2392
|
2024-11-21 13:40 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225042
|
7.8 |
HIGH
Local
|
google
|
android
|
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional executi…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2019-2194
|
2024-11-21 13:40 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225043
|
5.3 |
MEDIUM
Network
|
mongodb
|
ops_manager
|
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc.…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-2388
|
2024-11-21 13:40 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225044
|
5.5 |
MEDIUM
Local
|
google
|
android
|
There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User int…
|
NVD-CWE-noinfo
|
CVE-2019-2056
|
2024-11-21 13:40 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225045
|
5.4 |
MEDIUM
Network
|
mongodb
|
js-bson
|
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB In…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-2391
|
2024-11-21 13:40 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225046
|
7.3 |
HIGH
Local
|
google
|
android
|
In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlayin…
|
CWE-20
Improper Input Validation
|
CVE-2019-2216
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225047
|
7.8 |
HIGH
Local
|
google
|
android
|
In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-2089
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225048
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-2088
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225049
|
6.5 |
MEDIUM
Network
|
google
|
android
|
In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation.Pro…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-2058
|
2024-11-21 13:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225050
|
9.8 |
CRITICAL
Network
|
qualcomm
|
msm8905_firmware
msm8909_firmware
msm8917_firmware
msm8920_firmware
msm8937_firmware
msm8940_firmware
msm8953_firmware
nicobar_firmware
qcm2150_firmware
qm215_firmware
s…
|
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Sna…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-2317
|
2024-11-21 13:40 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
