Skip to main content
CVE-2019-0119 MEDIUM This Month

Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Denial Of Service Xeon D 1649N Firmware +91
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-0089 MEDIUM This Month

Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Server Platform Services
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-6787 MEDIUM This Month

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-5946 MEDIUM This Month

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Garoon
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-5940 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-5939 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-5938 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-5929 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-5928 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-0115 MEDIUM This Month

Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Graphics Driver
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-0113 MEDIUM This Month

Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Intel Graphics Driver
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-5955 MEDIUM This Month

CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Create Sd
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-5947 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-5937 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-5936 MEDIUM This Month

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Garoon
NVD
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-4119 MEDIUM PATCH This Month

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Kubernetes Cloud Private
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-0097 MEDIUM This Month

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Active Management Technology Firmware
NVD
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-5932 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2019-0114 MEDIUM This Month

A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Intel Graphics Driver
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2019-11114 MEDIUM This Month

Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Driver Support Assistant
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2019-11095 MEDIUM This Month

Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Driver Support Assistant
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2019-0120 MEDIUM This Month

Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel J5005 Firmware J4205 Firmware J3710 Firmware +25
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2019-0116 MEDIUM This Month

An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Intel Information Disclosure Graphics Driver
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2019-0093 MEDIUM This Month

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Converged Security And Management Engine
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2019-6790 MEDIUM This Month

An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2019-5944 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-5943 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2019-5942 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2019-5941 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-5935 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-5933 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2019-5930 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2019-0094 MEDIUM This Month

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Active Management Technology Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy