Search
Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4374 | 1 Redhat | 2 Jboss Operations Network, Rhq Mongo Db Drift Server | 2019-11-08 | 3.6 LOW | 7.1 HIGH |
| An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. | |||||
| CVE-2009-5042 | 2 Debian, Python-docutils Project | 2 Debian Linux, Python-docutils | 2019-11-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| python-docutils allows insecure usage of temporary files | |||||
| CVE-2013-4280 | 1 Redhat | 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager | 2019-11-06 | 2.1 LOW | 5.5 MEDIUM |
| Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | |||||
| CVE-2019-13546 | 1 Philips | 1 Intellispace Perinatal | 2019-10-30 | 7.2 HIGH | 6.8 MEDIUM |
| In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. | |||||
| CVE-2019-4306 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. | |||||
| CVE-2019-1848 | 1 Cisco | 1 Digital Network Architecture Center | 2019-10-09 | 4.8 MEDIUM | 9.3 CRITICAL |
| A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access. | |||||
| CVE-2018-1840 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | |||||
| CVE-2017-6872 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2019-10-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | |||||
| CVE-2017-16599 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190. | |||||
| CVE-2017-16597 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137. | |||||
| CVE-2017-16593 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104. | |||||
| CVE-2017-16610 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751. | |||||
| CVE-2017-16606 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197. | |||||
| CVE-2017-16605 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196. | |||||
| CVE-2017-16603 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194. | |||||
| CVE-2017-16601 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192. | |||||
| CVE-2017-16600 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191. | |||||
| CVE-2017-16598 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138. | |||||
| CVE-2017-16604 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195. | |||||
| CVE-2017-12363 | 1 Cisco | 1 Webex Meetings Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695. | |||||
| CVE-2017-12249 | 1 Cisco | 1 Meeting Server | 2019-10-09 | 9.0 HIGH | 9.1 CRITICAL |
| A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127. | |||||
| CVE-2017-12342 | 1 Cisco | 1 Nx-os | 2019-10-09 | 4.6 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621. | |||||
| CVE-2017-12351 | 1 Cisco | 1 Nx-os | 2019-10-09 | 4.6 MEDIUM | 5.7 MEDIUM |
| A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka "Unauthorized Internal Interface Access." This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038. | |||||
| CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2019-10-03 | 6.4 MEDIUM | 7.5 HIGH |
| Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | |||||
| CVE-2018-20321 | 1 Rancher | 1 Rancher | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher. | |||||
| CVE-2018-18068 | 1 Raspberrypi | 2 Raspberry Pi 3 Model B\+, Raspberry Pi 3 Model B\+ Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. | |||||
| CVE-2018-15591 | 1 Ivanti | 1 Workspace Control | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. | |||||
| CVE-2018-10361 | 1 Kde | 1 Ktexteditor | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. | |||||
| CVE-2017-8418 | 1 Rubocop Project | 1 Rubocop | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | |||||
| CVE-2017-8185 | 1 Huawei | 2 Me906s-158, Me906s-158 Firmware | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. | |||||
| CVE-2017-8171 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2019-10-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed. | |||||
| CVE-2017-8161 | 1 Huawei | 1 Eva-l09 | 2019-10-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2017-7490 | 1 Moodle | 1 Moodle | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | |||||
| CVE-2017-6100 | 1 Tcpdf Project | 1 Tcpdf | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | |||||
| CVE-2017-5634 | 1 Norwegian-air | 1 Norwegian Air Kiosk | 2019-10-03 | 7.2 HIGH | 6.6 MEDIUM |
| The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | |||||
| CVE-2017-18129 | 1 Qualcomm | 10 Mdm9206, Mdm9206 Firmware, Mdm9607 and 7 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains. | |||||
| CVE-2017-18073 | 1 Qualcomm | 18 Mdm9206, Mdm9206 Firmware, Mdm9607 and 15 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory. | |||||
| CVE-2017-16660 | 1 Cacti | 1 Cacti | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | |||||
| CVE-2017-15592 | 1 Xen | 1 Xen | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. | |||||
| CVE-2017-15393 | 2 Debian, Google | 2 Debian Linux, Chrome | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. | |||||
| CVE-2017-12576 | 1 Planex | 2 Cs-qr20, Cs-qr20 Firmware | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. | |||||
| CVE-2017-0367 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | |||||
| CVE-2017-0215 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 5.3 MEDIUM |
| Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | |||||
| CVE-2018-7072 | 1 Hp | 1 Moonshot Provisioning Manager | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
| CVE-2018-7073 | 2 Canonical, Hp | 2 Ubuntu Linux, Moonshot Provisioning Manager | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
| CVE-2018-8040 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | |||||
| CVE-2019-16518 | 1 Vandyvape | 2 Swell Kit Mod, Swell Kit Mod Firmware | 2019-09-23 | 3.3 LOW | 4.3 MEDIUM |
| An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values. | |||||
| CVE-2016-11010 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | |||||
| CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | |||||
| CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | |||||