Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9812 | 1 Mozilla | 2 Firefox, Firefox Esr | 2021-07-21 | 5.8 MEDIUM | 9.3 CRITICAL |
| Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. | |||||
| CVE-2019-9831 | 1 Airmore | 1 Airmore | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | |||||
| CVE-2019-9832 | 1 Airdrop Project | 1 Airdrop | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | |||||
| CVE-2019-9833 | 1 Screen Stream Project | 1 Screen Stream | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests. | |||||
| CVE-2019-9864 | 1 Amazon Affiliate Store Project | 1 Amazon Affiliate Store | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. | |||||
| CVE-2019-9931 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. | |||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | |||||
| CVE-2019-9927 | 1 Caret | 1 Caret | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Caret before 2019-02-22 allows Remote Code Execution. | |||||
| CVE-2019-9944 | 1 Openmicroscopy | 1 Omero.server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. | |||||
| CVE-2020-0001 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304 | |||||
| CVE-2020-0017 | 1 Google | 1 Android | 2021-07-21 | 3.3 LOW | 4.4 MEDIUM |
| In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892 | |||||
| CVE-2020-0061 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145504977 | |||||
| CVE-2020-0063 | 1 Google | 1 Android | 2021-07-21 | 4.4 MEDIUM | 7.3 HIGH |
| In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911 | |||||
| CVE-2020-0064 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 | |||||
| CVE-2020-0065 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448 | |||||
| CVE-2020-0080 | 1 Google | 1 Android | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144092031 | |||||
| CVE-2020-0090 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 | |||||
| CVE-2020-0091 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | |||||
| CVE-2020-0096 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 | |||||
| CVE-2020-0098 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917 | |||||