Skip to main content
CVE-2019-12799 HIGH POC PATCH THREAT Act Now

In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP RCE Deserialization Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
54.7%
CVE-2019-12802 HIGH POC This Week

In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Radare2 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-10959 CRITICAL Act Now

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Alaris Gateway Workstation Firmware Alaris Gs Syringe Pump Firmware Alaris Gh Syringe Pump Firmware Alaris Cc Syringe Pump Firmware +1
NVD
CVSS 3.0
10.0
EPSS
2.5%
CVE-2019-12813 MEDIUM POC This Month

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Digital Persona U Are U 4500 Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-7321 CRITICAL PATCH Act Now

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Mupdf
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-12798 CRITICAL Act Now

An issue was discovered in Artifex MuJS 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mujs
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11119 CRITICAL PATCH Act Now

Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Intel Raid Web Console 3
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-11117 HIGH PATCH This Week

Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Omni Path Fabric Manager Gui
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0128 HIGH PATCH This Week

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Chipset Device Software
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-0136 HIGH This Week

Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.0
7.4
EPSS
4.1%
CVE-2019-0130 HIGH PATCH This Week

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Intel Rapid Storage Technology Enterprise Thinkstation P520 Firmware +3
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2019-0164 HIGH This Week

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Turbo Boost Max Technology 3 0 Thinkstation P410 Firmware Thinkstation P510 Firmware +2
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2019-11129 MEDIUM PATCH This Month

Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +3
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11128 MEDIUM PATCH This Month

Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Nuc Kit Firmware +2
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11127 MEDIUM PATCH This Month

Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +3
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11126 MEDIUM PATCH This Month

Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +3
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11125 MEDIUM PATCH This Month

Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Nuc Kit Firmware +2
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11124 MEDIUM PATCH This Month

Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +3
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11123 MEDIUM PATCH This Month

Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Nuc Kit Firmware +2
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-0181 MEDIUM This Month

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-5439 MEDIUM This Month

A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vlc Media Player
NVD
CVSS 3.0
6.5
EPSS
5.3%
CVE-2019-5286 MEDIUM This Month

There is a reflection XSS vulnerability in the HedEx products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hedex Lite
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-0157 MEDIUM This Month

Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Software Guard Extensions Software Guard Extensions Data Center Attestation Primitives
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-10962 MEDIUM This Month

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris Gateway Workstation Firmware
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-5245 MEDIUM This Month

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Hisuite
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2019-11092 MEDIUM This Month

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-0180 MEDIUM This Month

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-0179 MEDIUM This Month

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-0177 MEDIUM This Month

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-0175 MEDIUM This Month

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-0178 LOW Monitor

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 3.6). No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
3.6
EPSS
0.2%
CVE-2019-0183 LOW Monitor

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-0182 LOW Monitor

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Cloud Integrity Tehnology Openattestation
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-0174 LOW Monitor

Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure I9 9900X Firmware I9 9920X Firmware I9 9960X Firmware I9 9980Xe Firmware +184
NVD
CVSS 3.0
3.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy