CVE-2019-20554

An issue was discovered on Samsung mobile devices with O8.x software. Attackers can bypass Factory Reset Protection FRP via an external keyboard. The Samsung ID is SVE-2019-15164 October 2019...

CVE-2020-12750

An issue was discovered on Samsung mobile devices with Q10.0 software. Attackers can bypass Factory Reset Protection FRP via SPEN. The Samsung ID is SVE-2020-17019 May 2020...

CVE-2020-12318

Protection mechanism failure in some IntelR PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-12288

Protection mechanism failure in some IntelR ThunderboltTM controllers may allow an authenticated user to potentially enable denial of service via local access...

CVE-2020-12748

An issue was discovered on Samsung mobile devices with Q10.0 software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 May 2020...

CVE-2020-10671

The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version...

CVE-2020-10839

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. Attackers can bypass Factory Reset Protection FRP via a SIM card. The Samsung ID is SVE-2019-16193 February 2020...

CVE-2020-10057

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...

CVE-2020-24658

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to above any vulnerable arrays in the stack. The guard value is...

CVE-2020-24515

Protection mechanism failure in some IntelR RealSenseTM IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

CVE-2024-34524

In XLANG OpenAgents through fe73ac4, the allowedfile protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content...

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

CVE-2024-34463

BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. The packet data also lacks authentication and integrity protection...

CVE-2024-39148

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...

CVE-2023-25080

Protection mechanism failure in some IntelR Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

CVE-2023-50738

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified...

CVE-2023-45149

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...