Total
155 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15420 | 1 Blackview | 2 Bv9000pro-f, Bv9000pro-f Firmware | 2024-02-28 | 2.1 LOW | 3.3 LOW |
The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2019-15468 | 1 Mi | 2 A2 Lite, A2 Lite Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2019-15394 | 1 Asus | 2 Zenfone 5 Selfie, Zenfone 5 Selfie Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2019-15427 | 1 Mi | 2 Mix, Mix Firmware | 2024-02-28 | 2.1 LOW | 3.3 LOW |
The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2019-15466 | 1 Mi | 2 Redmi 6 Pro, Redmi 6 Pro Firmware | 2024-02-28 | 2.1 LOW | 3.3 LOW |
The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2019-15474 | 1 Mi | 2 Cepheus, Cepheus Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | |||||
CVE-2019-15393 | 1 Asus | 2 Zenfone Live \(l1\), Zenfone Live \(l1\) Firmware | 2024-02-28 | 2.1 LOW | 3.3 LOW |
The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2019-7290 | 1 Apple | 1 Shortcuts | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
CVE-2019-15429 | 1 Panasonic | 2 Eluga I9, Eluga I9 Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
CVE-2018-7824 | 2 Microsoft, Schneider-electric | 3 Windows, Driver Suite, Modbus Serial Driver | 2024-02-28 | 6.8 MEDIUM | 4.9 MEDIUM |
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. | |||||
CVE-2017-18357 | 1 Shopware | 1 Shopware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. | |||||
CVE-2018-12381 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62. | |||||
CVE-2018-9582 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. | |||||
CVE-2017-15269 | 1 Psftp | 1 Psftpd | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. | |||||
CVE-2017-0211 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability." |