1071 matches found
CVE-2019-15332
CVE-2019-15332 affects the Lava Z61 Android device. A pre-installed app (package name com.android.lava.powersave, versionCode 400, versionName v4.0.27) exposes an exported interface that allows any co-located app to programmatically toggle Wi-Fi without the proper access permission. This creates ...
CVE-2019-15332
The Lava Z61 Android device with a build fingerprint of LAVA/Z612GB/Z612GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows a intruder to gain access to the device.
The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data SSH keys. Exploiting this vulnerability allows a remote attacker to gain access to the device via the SSH protocol...
The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows a intruder to gain access to the device.
The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data root account credentials. Exploiting this vulnerability allows a malicious actor to gain access to the device via SSH and TELNET protocols from a remote location...
The vulnerability of the ZingBox Inspector, a network traffic handler, arises from the use of pre-installed credentials. This allows attackers to gain unauthorized access to the system.
The vulnerability of the ZingBox Inspector network traffic processor is related to the use of pre-set credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system...
The vulnerability of the ZingBox Inspector, a network traffic handler, arises from the use of pre-installed credentials. This allows a malicious actor to gain unauthorized access to the SSH service under the username “root”.
The vulnerability of the ZingBox Inspector network traffic processor is related to the use of pre-installed credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the SSH service under the identity of the root user...
Debian DLA-1947-1 : libreoffice security update
Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics...
CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
DEBIAN-CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...
UBUNTU-CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...
The vulnerabilities of Cisco FindIT Network Management and Cisco FindIT Network Probe, which are used for configuring and controlling wired and wireless networks, allow attackers to increase their privileges.
The vulnerability of virtual machine systems for Cisco FindIT Network Management and Cisco FindIT Network Probe involves the use of pre-installed credentials. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the BARS.Web-Sudy platform, related to the use of pre-installed user accounts, allows a hacker to gain access to the protected information.
The vulnerability of the BARS.Web-Sudy platform is related to the use of pre-installed user accounts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information...
Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security...
CVE-2018-14999
The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...
CVE-2018-15003
The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...
CVE-2018-14994
The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu versionName=1.0, platformBuildVersionName=8.1.0 that contains an exported activity...
CVE-2018-14989
The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...
Design/Logic Flaw
The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...
Design/Logic Flaw
The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...