Skip to main content
CVE-2019-12799 HIGH POC PATCH THREAT Act Now

In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP RCE Deserialization Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
54.7%
CVE-2019-12802 HIGH POC This Week

In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Radare2 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-11117 HIGH PATCH This Week

Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Omni Path Fabric Manager Gui
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0128 HIGH PATCH This Week

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Chipset Device Software
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-0136 HIGH This Week

Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.0
7.4
EPSS
4.1%
CVE-2019-0130 HIGH PATCH This Week

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Intel Rapid Storage Technology Enterprise Thinkstation P520 Firmware +3
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2019-0164 HIGH This Week

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Turbo Boost Max Technology 3 0 Thinkstation P410 Firmware Thinkstation P510 Firmware +2
NVD
CVSS 3.1
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy