In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137102479
CWE-306
CVE-2019-9974
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
CVE-2019-9934
Various Lexmark products have Incorrect Access Control (issue 1 of 2).
CVE-2019-9935
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVE-2019-9871
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission.
CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.