Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9227 | 1 Huawei | 2 Moana-al00b, Moana-al00b Firmware | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions. | |||||
| CVE-2020-0321 | 1 Google | 1 Android | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907 | |||||
| CVE-2020-11741 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 6.9 MEDIUM | 8.8 HIGH |
| An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out. | |||||
| CVE-2019-9315 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216 | |||||
| CVE-2019-19536 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | |||||
| CVE-2019-9316 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052432 | |||||
| CVE-2019-9317 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258 | |||||
| CVE-2019-9318 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725 | |||||
| CVE-2019-9247 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166 | |||||
| CVE-2019-9313 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441 | |||||
| CVE-2019-19535 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | |||||
| CVE-2019-12410 | 1 Apache | 1 Arrow | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. | |||||
| CVE-2019-12408 | 1 Apache | 1 Arrow | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. | |||||
| CVE-2019-9320 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624 | |||||
| CVE-2019-19534 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | 2.4 LOW |
| In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | |||||
| CVE-2019-16714 | 3 Canonical, F5, Linux | 3 Ubuntu Linux, Traffix Signaling Delivery Controller, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | |||||
| CVE-2019-9314 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563 | |||||
| CVE-2019-9321 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111208713 | |||||
| CVE-2019-9319 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762100 | |||||
| CVE-2019-19553 | 4 Debian, Opensuse, Oracle and 1 more | 5 Debian Linux, Leap, Solaris and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. | |||||