Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-12944

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Oct, 2019 | 13:56
Updated At-04 Aug, 2024 | 23:32
Rejected At-
Credits

Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Oct, 2019 | 13:56
Updated At:04 Aug, 2024 | 23:32
Rejected At:
▼CVE Numbering Authority (CNA)

Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.kth.se/polopoly_fs/1.931930.1571073241%21/Vulnerability_Report_Glue_State_Consistency.pdf
x_refsource_MISC
https://www.kth.se/polopoly_fs/1.914054.1561620889%21/Examensarbete%20Final.pdf
x_refsource_MISC
Hyperlink: https://www.kth.se/polopoly_fs/1.931930.1571073241%21/Vulnerability_Report_Glue_State_Consistency.pdf
Resource:
x_refsource_MISC
Hyperlink: https://www.kth.se/polopoly_fs/1.914054.1561620889%21/Examensarbete%20Final.pdf
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.kth.se/polopoly_fs/1.931930.1571073241%21/Vulnerability_Report_Glue_State_Consistency.pdf
x_refsource_MISC
x_transferred
https://www.kth.se/polopoly_fs/1.914054.1561620889%21/Examensarbete%20Final.pdf
x_refsource_MISC
x_transferred
Hyperlink: https://www.kth.se/polopoly_fs/1.931930.1571073241%21/Vulnerability_Report_Glue_State_Consistency.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.kth.se/polopoly_fs/1.914054.1561620889%21/Examensarbete%20Final.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Oct, 2019 | 14:15
Updated At:07 Nov, 2023 | 03:03

Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches

gluehome
gluehome
>>glue_smart_lock_firmware>>2.7.8
cpe:2.3:o:gluehome:glue_smart_lock_firmware:2.7.8:*:*:*:*:*:*:*
gluehome
gluehome
>>glue_smart_lock>>-
cpe:2.3:h:gluehome:glue_smart_lock:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.kth.se/polopoly_fs/1.914054.1561620889%21/Examensarbete%20Final.pdfcve@mitre.org
N/A
https://www.kth.se/polopoly_fs/1.931930.1571073241%21/Vulnerability_Report_Glue_State_Consistency.pdfcve@mitre.org
N/A
Hyperlink: https://www.kth.se/polopoly_fs/1.914054.1561620889%21/Examensarbete%20Final.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.kth.se/polopoly_fs/1.931930.1571073241%21/Vulnerability_Report_Glue_State_Consistency.pdf
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

111Records found

CVE-2017-18677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.54%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 14:33
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Because of an unprotected Intent, an attacker can reset the configuration of certain applications. The Samsung ID is SVE-2016-7142 (April 2017).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-862
Missing Authorization
CVE-2017-17433
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-06 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

Action-Not Available
Vendor-n/aSambaDebian GNU/Linux
Product-debian_linuxrsyncn/a
CWE ID-CWE-862
Missing Authorization
CVE-2021-30874
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosiOS and iPadOS
CWE ID-CWE-862
Missing Authorization
CVE-2021-24146
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-85.04% / 99.30%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 14:57
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Action-Not Available
Vendor-webnusUnknown
Product-modern_events_calendar_liteModern Events Calendar Lite
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2021-23975
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.76%
||
7 Day CHG~0.00%
Published-26 Feb, 2021 | 01:49
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-862
Missing Authorization
CVE-2024-53473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.54%
||
7 Day CHG+0.02%
Published-07 Dec, 2024 | 00:00
Updated-03 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WeGIA 3.2.0 before 3998672 does not verify permission to change a password.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-48645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 00:00
Updated-23 Oct, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server.

Action-Not Available
Vendor-n/aarm32x
Product-n/acommand_block_ide
CWE ID-CWE-862
Missing Authorization
CVE-2024-44069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.04%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 00:00
Updated-29 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-862
Missing Authorization
CVE-2021-24831
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.74%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 12:49
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

Action-Not Available
Vendor-rich-webUnknown
Product-tabTab – Accordion, FAQ
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2021-25093
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.63%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 12:21
Updated-10 Oct, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request

Action-Not Available
Vendor-ylefebvreUnknown
Product-link_libraryLink Library
CWE ID-CWE-862
Missing Authorization
CVE-2022-3322
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.64%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:25
Updated-05 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass on WARP mobile client using iOS quick action

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warp_mobile_clientWARP
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found