CVE-2019-14432

HIGH Year: 2019
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time.

Related Vulnerabilities

CVE-2012-3462

HIGH
CVSS:8.8(High)

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of...

CWE-2872012

CVE-2013-4863

HIGH
CVSS:8.8(High)

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 4...

CWE-2872013

CVE-2013-7051

HIGH
CVSS:8.8(High)

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CWE-2872013

CVE-2015-2880

HIGH
CVSS:8.8(High)

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

CWE-2872015

CVE-2015-6397

HIGH
CVSS:8.8(High)

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that accou...

CWE-2872015

CVE-2015-8332

HIGH
CVSS:8.8(High)

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and pe...

CWE-2872015