CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | R&D Visions CMS - SQL Injection Vulnerability | 17.11.2019 | FreeBuzz Team |
| Med. | Maintained By Web Smile India - SQL Injection Vulnerability | 17.11.2019 | FreeBuzz Team |
| Med. | Design By Julyinfo. - SQL Injection Vulnerability | 17.11.2019 | FreeBuzz Team |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-11-29 | Low | CVE-2019-5308 | | Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. |
| 2019-11-29 | Medium | CVE-2019-5269 | | Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. |
| 2019-11-26 | Medium | CVE-2019-16241 | | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB. |
| 2019-11-26 | Medium | CVE-2019-15956 | Vendor: Cisco; Software: Asyncos | A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations. |
| 2019-11-26 | Low | CVE-2016-3131 | Vendor: Cloudera; Software: CDH | Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. |
| 2019-11-26 | Medium | CVE-2016-4572 | Vendor: Cloudera; Software: CDH | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. |
| 2019-11-25 | Low | CVE-2019-13716 | Vendor: Google; Software: Chrome | Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| 2019-11-25 | Low | CVE-2019-14822 | Vendor: Ibus project; Software: IBUS | A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. |
| 2019-11-25 | Low | CVE-2019-15684 | Vendor: Google; Software: Chrome | Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. |
| 2019-11-22 | Low | CVE-2015-1780 | Vendor: Redhat; Software: Ovirt-engine | oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center |

 

 


Copyright 2019, cxsecurity.com

 
