|
222101
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System executio…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9248
|
2024-11-21 13:51 |
2019-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222102
|
4.4 |
MEDIUM
Local
|
google
|
android
|
In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9245
|
2024-11-21 13:51 |
2019-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222103
|
7.8 |
HIGH
Local
|
google
|
android
|
In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution…
|
CWE-20
CWE-77
Improper Input Validation
Command Injection
|
CVE-2019-9254
|
2024-11-21 13:51 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222104
|
9.8 |
CRITICAL
Network
|
deltacontrols
|
entelibus_firmware
|
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vec…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9569
|
2024-11-21 13:51 |
2019-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222105
|
5.9 |
MEDIUM
Network
|
openpgpjs
|
openpgpjs
|
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve a…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-9155
|
2024-11-21 13:51 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222106
|
7.5 |
HIGH
Network
|
openpgpjs
|
openpgpjs
|
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-9154
|
2024-11-21 13:51 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222107
|
7.5 |
HIGH
Network
|
openpgpjs
|
openpgpjs
|
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-9153
|
2024-11-21 13:51 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222108
|
9.8 |
CRITICAL
Network
|
eq-3
|
homematic_ccu2_firmware
homematic_ccu3_firmware
|
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9585
|
2024-11-21 13:51 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222109
|
9.8 |
CRITICAL
Network
|
eq-3
|
homematic_ccu2_firmware
homematic_ccu3_firmware
|
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN servic…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-9584
|
2024-11-21 13:51 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222110
|
8.2 |
HIGH
Network
|
eq-3
|
homematic_ccu3_firmware
homematic_ccu2_firmware
|
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-9583
|
2024-11-21 13:51 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
