Security Vulnerabilities - CVEs Published In June 2019
In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0. Android ID: A-118694079
CVSS Score
7.8
EPSS Score
0.0
Published
2019-06-19
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-06-19
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.
CVSS Score
8.1
EPSS Score
0.002
Published
2019-06-19
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-06-19
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
CVSS Score
9.8
EPSS Score
0.529
Published
2019-06-19
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-06-19
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
CVSS Score
5.4
EPSS Score
0.064
Published
2019-06-19
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-19
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-06-19
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-06-19

