Security Vulnerabilities - CVEs Published In August 2019
Cognitoys Dino devices allow XSS via the SSID.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-08-08

Cognitoys Dino devices allow profiles_add.html CSRF.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2019-08-08

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2019-08-08

Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2019-08-08

Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2019-08-08

The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2019-08-08

Nespresso Prodigio devices lack Bluetooth connection security.
CVSS Score: 8.1; EPSS Score: 0.001; Published: 2019-08-08

6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2019-08-08

The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2019-08-08

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
CVSS Score: 5.7; EPSS Score: 0.001; Published: 2019-08-08