Skip to main content
CVE-2019-14239 MEDIUM POC This Month

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kinetis Kv1X Firmware Kinetis Kv3X Firmware Kinetis K8X Firmware
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-14238 MEDIUM POC This Month

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Stm32L0 Firmware Stm32L1 Firmware Stm32F4 Firmware Stm32L4 Firmware +2
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-16751 MEDIUM POC PATCH This Month

An issue was discovered in Devise Token Auth through 1.1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Devise Token Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16728 MEDIUM POC PATCH This Month

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Google Dompurify Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-3726 MEDIUM This Month

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell RCE Update Package Framework
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-14220 MEDIUM PATCH This Month

An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Apple Google Bluestacks
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-4515 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16725 MEDIUM PATCH This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-4566 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-13528 MEDIUM This Month

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000),. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Niagara Ax Niagara4
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy