Total
801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17532 | 1 Belkin | 2 Wemo Switch 28b, Wemo Switch 28b Firmware | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | |||||
| CVE-2019-20624 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). | |||||
| CVE-2019-20598 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019). | |||||
| CVE-2019-20579 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). | |||||
| CVE-2019-20550 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019). | |||||
| CVE-2019-20559 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019). | |||||
| CVE-2020-13856 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes. | |||||
| CVE-2019-20529 | 1 Frappe | 1 Frappe | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | |||||
| CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | |||||
| CVE-2020-23512 | 1 Vr Cam | 2 P1, P1 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | |||||
| CVE-2019-19800 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | |||||
| CVE-2020-24051 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. | |||||
| CVE-2020-25048 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020). | |||||
| CVE-2019-18666 | 1 D-link | 2 Dap-1360 Revision F, Dap-1360 Revision F Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. | |||||
| CVE-2019-18939 | 2 Eq-3, Hm-print Project | 5 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 2 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. | |||||
| CVE-2019-18938 | 2 Eq-3, Hm Email Project | 5 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 2 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. | |||||
| CVE-2019-18937 | 2 Eq-3, Scriptparser Project | 5 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 2 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | |||||
| CVE-2020-13838 | 1 Google | 1 Android | 2021-07-21 | 3.6 LOW | 3.5 LOW |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020). | |||||
| CVE-2020-25621 | 1 Solarwinds | 1 N-central | 2021-07-21 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords. | |||||
| CVE-2020-13837 | 1 Google | 1 Android | 2021-07-21 | 3.6 LOW | 3.5 LOW |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). | |||||