Skip to main content
CVE-2019-14237 CRITICAL POC Act Now

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kinetis Kv1X Firmware Kinetis Kv3X Firmware Kinetis K8X Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-14236 CRITICAL POC Act Now

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Stm32L0 Firmware Stm32L1 Firmware Stm32F4 Firmware Stm32L4 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-16257 CRITICAL POC Act Now

Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Motorola Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-16256 CRITICAL POC KEV THREAT Act Now

Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung S T Browser
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-16261 CRITICAL POC Act Now

Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pdumh15At Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
2.8%
CVE-2019-11898 CRITICAL Act Now

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Access
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2019-8070 CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2019-8069 CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-6005 CRITICAL Act Now

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Smart Tv Box Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-3638 CRITICAL Act Now

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Gateway
NVD
CVSS 3.1
9.6
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy