Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-6241 |
In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker. Published: June 10, 2019; 1:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-11877 |
XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID. Published: June 10, 2019; 1:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20356 |
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Published: June 10, 2019; 1:29:02 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20355 |
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Published: June 10, 2019; 1:29:02 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20354 |
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Published: June 10, 2019; 1:29:02 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20353 |
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Published: June 10, 2019; 1:29:02 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20352 |
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Published: June 10, 2019; 1:29:02 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-12780 |
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication. Published: June 10, 2019; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-5243 |
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability. Published: June 10, 2019; 11:29:01 AM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-12387 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. Published: June 10, 2019; 8:29:00 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-9087 |
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. Published: June 07, 2019; 5:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-9086 |
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-9084 |
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product). Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-3957 |
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2019-3956 |
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information. Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2019-12506 |
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 8.3 HIGH |
CVE-2019-12505 |
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 8.3 HIGH |
CVE-2019-12504 |
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Published: June 07, 2019; 5:29:02 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 8.3 HIGH |
CVE-2019-3955 |
Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service. Published: June 07, 2019; 4:29:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-2102 |
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052. Published: June 07, 2019; 4:29:01 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 8.3 HIGH |