Lucene search
K

1071 matches found

CVE
CVE
added 2019/11/14 4:15 p.m.38 views

CVE-2019-15332

CVE-2019-15332 affects the Lava Z61 Android device. A pre-installed app (package name com.android.lava.powersave, versionCode 400, versionName v4.0.27) exposes an exported interface that allows any co-located app to programmatically toggle Wi-Fi without the proper access permission. This creates ...

3.3CVSS4AI score0.00248EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 4:15 p.m.19 views

CVE-2019-15332

The Lava Z61 Android device with a build fingerprint of LAVA/Z612GB/Z612GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...

3.8AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/11/07 5:25 p.m.45 views

CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

7.8CVSS1.9AI score0.0193EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.4 views

The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows a intruder to gain access to the device.

The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data SSH keys. Exploiting this vulnerability allows a remote attacker to gain access to the device via the SSH protocol...

10CVSS5.6AI score0.03261EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.5 views

The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows a intruder to gain access to the device.

The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data root account credentials. Exploiting this vulnerability allows a malicious actor to gain access to the device via SSH and TELNET protocols from a remote location...

10CVSS5.6AI score0.0266EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/10/24 12:0 a.m.8 views

The vulnerability of the ZingBox Inspector, a network traffic handler, arises from the use of pre-installed credentials. This allows attackers to gain unauthorized access to the system.

The vulnerability of the ZingBox Inspector network traffic processor is related to the use of pre-set credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system...

8.8CVSS5.5AI score0.00356EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/10/24 12:0 a.m.6 views

The vulnerability of the ZingBox Inspector, a network traffic handler, arises from the use of pre-installed credentials. This allows a malicious actor to gain unauthorized access to the SSH service under the username “root”.

The vulnerability of the ZingBox Inspector network traffic processor is related to the use of pre-installed credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the SSH service under the identity of the root user...

8.8CVSS5.5AI score0.00356EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/10/07 12:0 a.m.43 views

Debian DLA-1947-1 : libreoffice security update

Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics...

9.8CVSS7.8AI score0.78347EPSS
Exploits12References9
RedhatCVE
RedhatCVE
added 2019/08/23 4:52 a.m.47 views

CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

9.8CVSS3.3AI score0.67321EPSS
Exploits10References4
OSV
OSV
added 2019/08/15 10:15 p.m.2 views

DEBIAN-CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...

9.8CVSS8.2AI score0.78347EPSS
Exploits4References1
OSV
OSV
added 2019/08/15 12:0 a.m.7 views

UBUNTU-CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...

9.8CVSS7.3AI score0.78347EPSS
Exploits4References6
BDU FSTEC
BDU FSTEC
added 2019/07/30 12:0 a.m.5 views

The vulnerabilities of Cisco FindIT Network Management and Cisco FindIT Network Probe, which are used for configuring and controlling wired and wireless networks, allow attackers to increase their privileges.

The vulnerability of virtual machine systems for Cisco FindIT Network Management and Cisco FindIT Network Probe involves the use of pre-installed credentials. Exploiting this vulnerability can allow attackers to gain increased privileges...

8.4CVSS5.5AI score0.00322EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/07/04 12:0 a.m.3 views

The vulnerability of the BARS.Web-Sudy platform, related to the use of pre-installed user accounts, allows a hacker to gain access to the protected information.

The vulnerability of the BARS.Web-Sudy platform is related to the use of pre-installed user accounts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information...

8.3CVSS5.5AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2019/06/21 9:11 a.m.165 views

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security...

7.8CVSS1.4AI score0.02088EPSS
Exploits0
NVD
NVD
added 2019/04/25 8:29 p.m.17 views

CVE-2018-14999

The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...

9.4CVSS9.1AI score0.02341EPSS
Exploits0References3
NVD
NVD
added 2019/04/25 8:29 p.m.18 views

CVE-2018-15003

The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...

7.5CVSS7.4AI score0.01829EPSS
Exploits1References3
NVD
NVD
added 2019/04/25 8:29 p.m.22 views

CVE-2018-14994

The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu versionName=1.0, platformBuildVersionName=8.1.0 that contains an exported activity...

9.4CVSS7.3AI score0.02016EPSS
Exploits1References3
NVD
NVD
added 2019/04/25 8:29 p.m.21 views

CVE-2018-14989

The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...

9.4CVSS7.3AI score0.02016EPSS
Exploits1References3
Prion
Prion
added 2019/04/25 8:29 p.m.19 views

Design/Logic Flaw

The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...

5CVSS7.3AI score0.01829EPSS
Exploits1References3
Prion
Prion
added 2019/04/25 8:29 p.m.11 views

Design/Logic Flaw

The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...

9.4CVSS7.3AI score0.02016EPSS
Exploits1References3
Rows per page
Query Builder