Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216078 entries
IDDescriptionPriorityModified date
CVE-2019-15346 The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user\'s screen, factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\'s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user\'s Wi-Fi passwords, obtain the user\'s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\'s text messages, and more. HIGH Nov 14, 2019
CVE-2019-15345 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user\'s screen, factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\'s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user\'s Wi-Fi passwords, obtain the user\'s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\'s text messages, and more. HIGH Nov 14, 2019
CVE-2019-15344 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user\'s screen, factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\'s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\'s text messages, and more. HIGH Nov 14, 2019
CVE-2019-15343 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user\'s screen, factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\'s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\'s text messages, and more. HIGH Nov 14, 2019
CVE-2019-15342 The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user\'s screen, factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\'s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\'s text messages, and more. HIGH Nov 14, 2019
CVE-2019-15341 The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user\'s screen, factory reset the device, obtain the user\'s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\'s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user\'s Wi-Fi passwords, obtain the user\'s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\'s text messages, and more. HIGH Nov 14, 2019
CVE-2019-15340 The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15339 The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15338 The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15337 The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15336 The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15335 The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15334 The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15333 The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15332 The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. LOW Nov 14, 2019
CVE-2019-15331 The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. MEDIUM Aug 29, 2019
CVE-2019-15330 The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. MEDIUM Aug 29, 2019
CVE-2019-15329 The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. MEDIUM Aug 23, 2019
CVE-2019-15328 The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. MEDIUM Aug 23, 2019
CVE-2019-15327 The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. MEDIUM Aug 23, 2019
CVE-2019-15326 The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. MEDIUM Aug 23, 2019
CVE-2019-15325 In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. MEDIUM Aug 30, 2019
CVE-2019-15324 The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. MEDIUM Aug 26, 2019
CVE-2019-15323 The ad-inserter plugin before 2.4.20 for WordPress has path traversal. MEDIUM Aug 26, 2019
CVE-2019-15322 The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion. HIGH Aug 26, 2019
CVE-2019-15321 The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. HIGH Aug 26, 2019
CVE-2019-15320 The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. HIGH Aug 26, 2019
CVE-2019-15319 The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. HIGH Aug 26, 2019
CVE-2019-15318 The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. HIGH Aug 26, 2019
CVE-2019-15317 The give plugin before 2.4.7 for WordPress has XSS via a donor name. LOW Aug 26, 2019
CVE-2019-15316 Valve Steam Client for Windows through2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. MEDIUM Aug 30, 2019
CVE-2019-15315 Valve Steam Client for Windows through2019-08-16 allows privilege escalation (to NT AUTHORITY\\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. HIGH Aug 30, 2019
CVE-2019-15314 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. LOW Aug 28, 2019
CVE-2019-15313 In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. MEDIUM Jan 29, 2020
CVE-2019-15312 An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet. HIGH Jul 1, 2020
CVE-2019-15311 An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities. HIGH Jul 1, 2020
CVE-2019-15310 An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay\'s AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled. HIGH Jul 1, 2020
CVE-2019-15304 Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and requires excessive permissions to operate such as Fine GPS location, camera, applists, Serial number, IMEI. In addition to the backdoor login access for admin purposes, this accompanying app also establishes connections with several china based URLs to include Alibaba cloud computing. NOTE: this device also ships with ProGrade branding. MEDIUM Aug 26, 2019
CVE-2019-15302 The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. MEDIUM Sep 13, 2019
CVE-2019-15301 A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm\'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. HIGH Sep 19, 2019
CVE-2019-15300 A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. MEDIUM Nov 27, 2019
CVE-2019-15299 An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. MEDIUM Feb 28, 2020
CVE-2019-15298 A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. MEDIUM Nov 27, 2019
CVE-2019-15297 res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. Medium Sep 11, 2019
CVE-2019-15296 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left). Medium Aug 29, 2019
CVE-2019-15295 An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path. HIGH Aug 28, 2019
CVE-2019-15294 An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. MEDIUM Sep 4, 2019
CVE-2019-15293 An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060. MEDIUM Aug 30, 2019
CVE-2019-15292 An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. High Aug 26, 2019
CVE-2019-15291 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. Medium Aug 23, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online