Export limit exceeded: 362962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15340 | 1 Mi | 2 Redmi 6, Redmi 6 Firmware | 2024-11-21 | 3.3 Low |
| The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15339 | 1 Lavamobiles | 2 Z60s, Z60s Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15338 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15337 | 1 Lavamobiles | 2 Z81, Z81 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15336 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15335 | 1 Lavamobiles | 2 Z92, Z92 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15334 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15333 | 1 Lavamobiles | 2 Flair Z1, Flair Z1 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15332 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15331 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. | ||||
| CVE-2019-15330 | 1 Webp Express Project | 1 Webp Express | 2024-11-21 | N/A |
| The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. | ||||
| CVE-2019-15329 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | ||||
| CVE-2019-15328 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | ||||
| CVE-2019-15327 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | ||||
| CVE-2019-15326 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | ||||
| CVE-2019-15325 | 1 Galliumos | 1 Galliumos | 2024-11-21 | N/A |
| In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. | ||||
| CVE-2019-15324 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | N/A |
| The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. | ||||
| CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 7.5 High |
| The ad-inserter plugin before 2.4.20 for WordPress has path traversal. | ||||
| CVE-2019-15322 | 1 Wpmadeasy | 1 Shortcode Factory | 2024-11-21 | N/A |
| The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion. | ||||
| CVE-2019-15321 | 1 Optiontree Project | 1 Optiontree | 2024-11-21 | N/A |
| The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | ||||