Skip to main content
CVE-2019-15225 HIGH POC This Week

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2019-15160 HIGH POC This Week

The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sweet Xml
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-15214 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 6.4). Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2019-15224 CRITICAL PATCH Act Now

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rest Client
NVD GitHub
CVSS 3.0
9.8
EPSS
3.5%
CVE-2019-15150 HIGH PATCH This Week

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mw Oauth2Client
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-15213 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +6
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-15223 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +5
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2019-15222 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +5
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2019-15221 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.17. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15220 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.1. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15219 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15218 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15217 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15216 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.14. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15215 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15212 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel H410c Firmware Active Iq Unified Manager +6
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15211 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-11163 HIGH PATCH This Week

Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Information Disclosure Privilege Escalation Microsoft Intel +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11162 HIGH PATCH This Week

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Computing Improvement Program
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11148 HIGH PATCH This Week

Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Remote Displays Sdk
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-11146 HIGH PATCH This Week

Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-11145 HIGH PATCH This Week

Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6165 HIGH This Week

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft Yoga 700 11Isk Firmware Yoga 700 14Isk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5631 HIGH This Week

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Insightappsec
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-0173 HIGH PATCH This Week

Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Intel Raid Web Console 2
NVD
CVSS 3.0
7.6
EPSS
0.8%
CVE-2019-6171 MEDIUM This Month

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 20F1 Firmware 20F2 Firmware 20Jq Firmware 20Jr Firmware +144
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-11143 MEDIUM PATCH This Month

Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Authenticate
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-11140 MEDIUM PATCH This Month

Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Nuc Kit Firmware +2
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-6159 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Hs22 Firmware Bladecenter Hs22V Firmware Bladecenter Hx5 Firmware +12
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11276 MEDIUM This Month

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Application Service
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2019-6178 MEDIUM This Month

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Px12 350R Firmware Ix12 300R Firmware Home Media Network Hard Drive Firmware Storecenter Ix2 200 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy