How severe is CVE-2019-14355?

This vulnerability has a severity rating of LOW with a CVSS score of 2.4 out of 10.

What type of vulnerability is CVE-2019-14355?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2019-14355

LOW Year: 2019

CVSS v3 Score

2.4

Low

CVSS v2 Score

1.9

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover secret data shown on the display. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is "insignificant risk.

CVE-2019-14354

LOW

CVSS:2.4(Low)

On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowin...

CWE-2032019

CVE-2019-14357

LOW

CVSS:2.4(Low)

On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a parti...

CWE-2032019

CVE-2019-14359

LOW

CVSS:2.4(Low)

On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a part...

CWE-2032019

CVE-2022-46724

LOW

CVSS:2.4(Low)

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last...

CWE-2032022

CVE-2019-2818

LOW

CVSS:3.1(Low)

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauth...

CWE-2032019

CVE-2024-21251

LOW

CVSS:3.1(Low)

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privilege...

CWE-2032024

CVE-2019-14355

Vulnerability Description

Related Vulnerabilities

CVE-2019-14354

CVE-2019-14357

CVE-2019-14359

CVE-2022-46724

CVE-2019-2818

CVE-2024-21251