Search
Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5297 | 1 Octobercms | 1 October | 2022-06-30 | 4.0 MEDIUM | 2.7 LOW |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | |||||
| CVE-2021-25740 | 1 Kubernetes | 1 Kubernetes | 2021-11-06 | 3.5 LOW | 3.1 LOW |
| A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | |||||
| CVE-2019-9438 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568 | |||||
| CVE-2019-9292 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617 | |||||
| CVE-2019-9440 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37637796 | |||||
| CVE-2021-1306 | 1 Cisco | 3 Evolved Programmable Network Manager, Identity Services Engine, Prime Infrastructure | 2021-05-27 | 3.6 LOW | 3.4 LOW |
| A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user. | |||||
| CVE-2019-15393 | 1 Asus | 2 Zenfone Live \(l1\), Zenfone Live \(l1\) Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15421 | 1 Blackview | 2 Bv7000 Pro, Bv7000 Pro Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15422 | 1 Doogee | 2 Mix, Mix Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15423 | 1 Bluboo S1 Project | 2 Blueboo S1, Blueboo S1 Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15424 | 1 Doogee | 2 Bl5000, Bl5000 Firmware | 2019-11-27 | 2.1 LOW | 3.3 LOW |
| The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15420 | 1 Blackview | 2 Bv9000pro-f, Bv9000pro-f Firmware | 2019-11-26 | 2.1 LOW | 3.3 LOW |
| The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15415 | 1 Mi | 2 Redmi 5, Redmi 5 Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15425 | 1 Katadigital | 2 M4s, M4s Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15426 | 1 Mi | 2 5s Plus, 5s Plus Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15427 | 1 Mi | 2 Mix, Mix Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15428 | 1 Mi | 2 Note 2, Note 2 Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15466 | 1 Mi | 2 Redmi 6 Pro, Redmi 6 Pro Firmware | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15467 | 1 Mi | 2 Mix 2s, Mix 2s Firmware | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||
| CVE-2019-15744 | 1 Sony | 2 Xperia Xzs, Xperia Xzs Firmware | 2019-11-19 | 2.1 LOW | 3.3 LOW |
| The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | |||||