| Month | Quarter | Year |
|---|---|---|
| #4 | #5 | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2019-5773 | CWE-20 | Input Validation | 6.5 |
|
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
|
|||
| CVE-2019-2010 | CWE-787 | Out-of-bounds Write | 7.8 |
|
In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118152591
|
|||
| CVE-2019-2003 | CWE-264 | Permissions, Privileges, and Access Control | 8.8 |
|
In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116321860
|
|||
| CVE-2019-1996 | CWE-125 | Out-of-bounds Read | 6.5 |
|
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066.
|
|||
| CVE-2019-1024 | CWE-119 | Buffer Errors | 7.5 |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1051, CVE-2019-1052.
|
|||
| CVE-2019-1003 | CWE-119 | Buffer Errors | 7.5 |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.
|
|||
| CVE-2019-0990 | CWE-200 | Information Leak / Disclosure | 6.5 |
|
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1023.
|
|||
| CVE-2019-0985 | CWE-119 | Buffer Errors | 7.8 |
|
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'.
|
|||
| CVE-2019-0921 | CWE-20 | Input Validation | 6.5 |
|
An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.
|
|||
| CVE-2019-0810 | CWE-119 | Buffer Errors | 7.5 |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.
|
|||