Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-17510 |
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php. Published: October 11, 2019; 4:15:17 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-17509 |
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php. Published: October 11, 2019; 4:15:17 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-17508 |
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. Published: October 11, 2019; 4:15:17 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-17507 |
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp. Published: October 11, 2019; 4:15:17 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-17506 |
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. Published: October 11, 2019; 4:15:17 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-17505 |
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack. Published: October 11, 2019; 4:15:16 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-21028 |
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. Published: October 11, 2019; 4:15:16 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-21027 |
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. Published: October 11, 2019; 4:15:16 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20582 |
The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery. Published: October 11, 2019; 4:15:16 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-2215 |
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-2187 |
In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-2186 |
In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-2185 |
In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-2184 |
In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-2183 |
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-2173 |
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-2114 |
In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2019-2110 |
In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-69703445 Published: October 11, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2015-9492 |
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. Published: October 11, 2019; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-9491 |
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. Published: October 11, 2019; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |