CVE-2019-19463
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.
Source: CVE-2019-19463
[월:] 2019년 11월
CVE-2013-7484
CVE-2013-7484
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
Source: CVE-2013-7484
CVE-2019-19464
CVE-2019-19464
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.
Source: CVE-2019-19464
CVE-2019-19462
CVE-2019-19462
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
Source: CVE-2019-19462
CVE-2019-19451
CVE-2019-19451
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system’s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.
Source: CVE-2019-19451
CVE-2019-19396
CVE-2019-19396
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.
Source: CVE-2019-19396
CVE-2014-3591
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server’s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Source: CVE-2014-3591
CVE-2015-0837
CVE-2015-0837
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
Source: CVE-2015-0837
CVE-2019-5309
CVE-2019-5309
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.
Source: CVE-2019-5309
CVE-2019-5308
CVE-2019-5308
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.
Source: CVE-2019-5308