Skip to main content
CVE-2019-12506 HIGH POC This Week

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass R700 Laser Presentation Remote Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-12775 HIGH POC This Week

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware E Streamer Mk2 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-12777 HIGH POC This Week

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware E Streamer Mk2 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-3955 HIGH POC THREAT This Week

Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Remote Mini Control
NVD
CVSS 3.0
7.5
EPSS
19.1%
CVE-2019-3957 HIGH POC THREAT This Week

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Dameware Mini Remote Control
NVD
CVSS 3.1
7.4
EPSS
25.6%
CVE-2019-3956 HIGH POC This Week

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Remote Mini Control
NVD
CVSS 3.0
7.4
EPSS
1.6%
CVE-2019-12779 HIGH POC This Week

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libqb
NVD GitHub
CVSS 3.0
7.1
EPSS
0.7%
CVE-2019-12505 HIGH This Week

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp1001 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-12504 HIGH This Week

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Wp2002 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-2102 HIGH This Week

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2019-2093 HIGH This Week

In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-4069 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-4066 HIGH PATCH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-2099 HIGH PATCH This Week

In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-2098 HIGH This Week

In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2096 HIGH This Week

In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2094 HIGH This Week

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-2092 HIGH This Week

In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2091 HIGH This Week

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2090 HIGH This Week

In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2019-6532 HIGH PATCH This Week

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2019-6530 HIGH This Week

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
6.9%
CVE-2019-4068 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-4067 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12763 HIGH This Week

The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Security Camera Cz
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-2095 HIGH This Week

In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Denial Of Service RCE Google Android
NVD
CVSS 3.0
7.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy