How severe is CVE-2019-14359?

This vulnerability has a severity rating of LOW with a CVSS score of 2.4 out of 10.

What type of vulnerability is CVE-2019-14359?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2019-14359

LOW Year: 2019

CVSS v3 Score

2.4

Low

CVSS v2 Score

2.1

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN

CVE-2019-14354

LOW

CVSS:2.4(Low)

On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowin...

CWE-2032019

CVE-2019-14355

LOW

CVSS:2.4(Low)

On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a pa...

CWE-2032019

CVE-2019-14357

LOW

CVSS:2.4(Low)

On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a parti...

CWE-2032019

CVE-2022-46724

LOW

CVSS:2.4(Low)

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last...

CWE-2032022

CVE-2019-2818

LOW

CVSS:3.1(Low)

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauth...

CWE-2032019

CVE-2024-21251

LOW

CVSS:3.1(Low)

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privilege...

CWE-2032024

CVE-2019-14359

Vulnerability Description

Related Vulnerabilities

CVE-2019-14354

CVE-2019-14355

CVE-2019-14357

CVE-2022-46724

CVE-2019-2818

CVE-2024-21251