CVE-2019-10886

MEDIUM Year: 2019
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-306
View all →

Vulnerability Description

An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.

Related Vulnerabilities

CVE-2018-16758

MEDIUM
CVSS:5.9(Medium)

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.

CWE-3062018

CVE-2019-5163

MEDIUM
CVSS:5.9(Medium)

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FA...

CWE-3062019

CVE-2020-13920

MEDIUM
CVSS:5.9(Medium)

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and cal...

CWE-3062020

CVE-2021-28124

MEDIUM
CVSS:5.9(Medium)

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions ca...

CWE-3062021

CVE-2022-3738

MEDIUM
CVSS:5.9(Medium)

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A...

CWE-3062022