Search
Total
6056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1460 | 1 Microsoft | 1 Outlook | 2020-08-24 | 3.5 LOW | 4.6 MEDIUM |
| A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | |||||
| CVE-2019-1461 | 1 Microsoft | 3 Office, Office 365 Proplus, Word | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | |||||
| CVE-2019-14722 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. | |||||
| CVE-2019-14723 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. | |||||
| CVE-2019-14726 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 6.5 MEDIUM | 5.4 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. | |||||
| CVE-2019-14727 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. | |||||
| CVE-2019-14728 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. | |||||
| CVE-2019-14729 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 5.5 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. | |||||
| CVE-2019-14730 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. | |||||
| CVE-2019-14783 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | |||||
| CVE-2019-14940 | 1 Spdk | 1 Storage Performance Development Kit | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. | |||||
| CVE-2019-15009 | 1 Atlassian | 2 Crucible, Fisheye | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | |||||
| CVE-2019-15024 | 1 Yandex | 1 Clickhouse | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem. | |||||
| CVE-2019-15028 | 1 Joomla | 1 Joomla\! | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | |||||
| CVE-2019-15361 | 1 Infinixmobility | 2 Note 5, Note 5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15362 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15352 | 1 Coolpad | 2 Mega 5, Mega 5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15353 | 1 Coolpad | 2 N3c, N3c Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15354 | 1 Ulefone | 2 Armor 5, Armor 5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15355 | 1 Tecno-mobile | 2 Camon Iclick, Camon Iclick Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15356 | 1 Lavamobiles | 2 Flair Z1, Flair Z1 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15357 | 1 Advandigital | 2 I6a, I6a Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15358 | 1 Dexp | 2 Z250, Z250 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15359 | 1 Haier | 2 A6, A6 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15360 | 1 Hisense | 2 Infinity U965, Infinity U965 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15364 | 1 Dexp | 2 Bl250, Bl250 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15365 | 1 Lavamobiles | 2 Z92, Z92 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15366 | 1 Infinixmobility | 2 Note 5, Note 5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15368 | 1 Coolpad | 2 Mega 5, Mega 5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15369 | 1 Lavamobiles | 2 Z61 Turbo, Z61 Turbo Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15370 | 1 Haier G8 Project | 2 Haier G8, Haier G8 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15371 | 1 Symphony-mobile | 2 G100, G100 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15372 | 1 Hisense | 2 Infinity F17, Infinity F17 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15373 | 1 Symphony-mobile | 2 I95 Lite, I95 Lite Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15374 | 1 Lavamobiles | 2 Iris 88 Lite, Iris 88 Lite Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15375 | 1 Haier | 2 G8, G8 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15376 | 1 Panasonic | 2 Eluga Ray 530, Eluga Ray 530 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15377 | 1 Cherrymobile | 2 Flare S7, Flare S7 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15378 | 1 Panasonic | 2 Eluga Ray 600, Eluga Ray 600 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15379 | 1 Waltonbd | 2 Primo G3, Primo G3 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15380 | 1 Fly-phone | 2 Photo Pro, Photo Pro Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15381 | 1 Bq | 2 5515l, 5515l Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15382 | 1 Cubot | 2 Nova, Nova Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15383 | 1 Allviewmobile | 2 Soul X5, Soul X5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15384 | 1 Elephone | 2 A4, A4 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15385 | 1 Infinixmobility | 2 Note 5, Note 5 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15390 | 1 Haier G8 Project | 2 Haier G8, Haier G8 Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15391 | 1 Asus | 2 Zenfone 4 Selfie, Zenfone 4 Selfie Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15392 | 1 Asus | 2 Zenfone 4 Selfie, Zenfone 4 Selfie Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2019-15430 | 1 Bluboo D3 Pro Project | 2 Bluboo D3 Pro, Bluboo D3 Pro Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | |||||