Skip to main content
CVE-2019-15225 HIGH POC This Week

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2019-15160 HIGH POC This Week

The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sweet Xml
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-15150 HIGH PATCH This Week

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mw Oauth2Client
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-11163 HIGH PATCH This Week

Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Information Disclosure Privilege Escalation Microsoft Intel +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11162 HIGH PATCH This Week

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Computing Improvement Program
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11148 HIGH PATCH This Week

Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Remote Displays Sdk
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-11146 HIGH PATCH This Week

Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-11145 HIGH PATCH This Week

Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6165 HIGH This Week

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft Yoga 700 11Isk Firmware Yoga 700 14Isk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5631 HIGH This Week

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Insightappsec
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-0173 HIGH PATCH This Week

Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Intel Raid Web Console 2
NVD
CVSS 3.0
7.6
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy