Skip to main content
CVE-2019-5684 CRITICAL POC PATCH Act Now

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nvidia Buffer Overflow Microsoft RCE +2
NVD
CVSS 3.0
10.0
EPSS
5.4%
CVE-2019-5685 CRITICAL POC Act Now

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nvidia Buffer Overflow Microsoft RCE +2
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2019-13143 CRITICAL POC Act Now

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Fb50 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-14697 CRITICAL POC Act Now

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Musl
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-6000 HIGH POC This Week

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Eos 1D X Firmware Eos 1D X Mkii Firmware +64
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2019-5999 HIGH POC This Week

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Eos 1D X Firmware Eos 1D X Mkii Firmware +64
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-5998 HIGH POC This Week

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Eos 1D X Firmware Eos 1D X Mkii Firmware +64
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-5994 HIGH POC This Week

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Eos 1D X Firmware Eos 1D X Mkii Firmware Eos 1D C Firmware +63
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-14473 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ccu2 Firmware Ccu3 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-14347 HIGH POC This Week

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Python Information Disclosure Adive
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
9.3%
CVE-2019-14346 HIGH POC This Week

Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Adive
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-14692 HIGH POC This Week

AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Adplug Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-14691 HIGH POC This Week

AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Adplug Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-14690 HIGH POC This Week

AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Adplug Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-2386 HIGH POC This Week

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass MongoDB
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2019-6001 MEDIUM POC This Month

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Eos 1D X Firmware Eos 1D X Mkii Firmware Eos 1D C Firmware +63
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2019-5995 MEDIUM POC This Month

Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eos 1D X Firmware Eos 1D X Mkii Firmware Eos 1D C Firmware Eos 5D Mark Iii Firmware +62
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-14696 MEDIUM POC THREAT This Month

Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Open School
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
15.7%
CVE-2019-13106 HIGH PATCH CISA Act Now

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE U Boot Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-13104 HIGH PATCH CISA Act Now

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure U Boot Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14709 CRITICAL Act Now

A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-14708 CRITICAL Act Now

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2019-14704 CRITICAL Act Now

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-14702 CRITICAL Act Now

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-14699 CRITICAL Act Now

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-14698 CRITICAL Act Now

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2019-14695 CRITICAL Act Now

A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Popup Builder
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-12950 MEDIUM POC This Month

An issue was discovered in TeamPass 2.1.27.35. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14703 HIGH This Week

A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-5683 HIGH This Week

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Microsoft RCE Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-5682 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Shield Experience
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5679 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia RCE Authentication Bypass +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-13105 HIGH PATCH This Week

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure U Boot
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-14706 HIGH This Week

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Buffer Overflow Denial Of Service Mdc N4090 Firmware Mdc N4090W Firmware +1
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-14701 HIGH This Week

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-14700 HIGH This Week

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-14707 HIGH This Week

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2019-14705 HIGH This Week

An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mdc N4090 Firmware Mdc N4090W Firmware Mdc N2190V Firmware
NVD
CVSS 3.0
7.2
EPSS
1.6%
CVE-2019-5687 HIGH This Week

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2019-5686 MEDIUM This Month

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Microsoft Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy