Skip to main content
CVE-2019-9467 MEDIUM This Month

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-2199 MEDIUM This Month

In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2019-3648 MEDIUM This Month

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft RCE Anti Virus Plus Internet Security +1
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-3650 MEDIUM This Month

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-3649 MEDIUM This Month

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-3420 MEDIUM This Month

All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H108N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-0385 MEDIUM This Month

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-5293 MEDIUM This Month

Some Huawei products have a memory leak vulnerability when handling some messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware Ar1200 S Firmware +13
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-0386 MEDIUM This Month

Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Erp Sales S4Hana Sales
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2019-5246 MEDIUM This Month

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21),. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Elle Al00B Firmware
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2019-17550 MEDIUM PATCH This Month

The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Blog2Social
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-17515 MEDIUM PATCH This Month

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Spam Protection Antispam Firewall
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-13555 MEDIUM This Month

In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU:. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Q03 04 06 13 26Udvcpu Firmware Q04 06 13 26Udpvcpu Firmware Q03Udecpu Firmware Q04 06 10 13 20 26 50 100Udehcpu Firmware +6
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-2212 MEDIUM This Month

In poisson_distribution of random, there is an out of bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2209 MEDIUM This Month

In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2019-2198 MEDIUM This Month

In Download Provider, there is a possible SQL injection vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SQLi Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-2197 MEDIUM This Month

In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2196 MEDIUM This Month

In Download Provider, there is possible SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SQLi Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-5279 MEDIUM This Month

Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emily L29C Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-5230 MEDIUM This Month

P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P20 Pro Firmware P20 Firmware Mate Rs Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-0382 MEDIUM This Month

A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-0388 MEDIUM This Month

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Ui
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-5231 MEDIUM This Month

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass P30 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-3641 MEDIUM This Month

Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Threat Intelligence Exchange Server
NVD
CVSS 3.1
4.5
EPSS
0.7%
CVE-2019-0393 MEDIUM This Month

An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Quality Management
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-0391 MEDIUM This Month

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-0390 MEDIUM This Month

Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Diagnostics Agent
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-5292 LOW Monitor

Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor 10 Lite Firmware Honor 8A Firmware Huawei Y6 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy