Skip to main content
CVE-2019-15378 MEDIUM This Month

The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Eluga Ray 600 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15377 MEDIUM This Month

The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Flare S7 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15376 MEDIUM This Month

The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Eluga Ray 530 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15375 MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure G8 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15374 MEDIUM This Month

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Iris 88 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15373 MEDIUM This Month

The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure I95 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15372 MEDIUM This Month

The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Infinity F17 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15371 MEDIUM This Month

The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure G100 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15370 MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Haier G8 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15369 MEDIUM This Month

The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Z61 Turbo Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15368 MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Mega 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15367 MEDIUM This Month

The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure P10 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15366 MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Note 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15365 MEDIUM This Month

The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Z92 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15364 MEDIUM This Month

The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Bl250 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15363 MEDIUM This Month

The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Power 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15362 MEDIUM This Month

The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Iris 88 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15361 MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Note 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15360 MEDIUM This Month

The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Infinity U965 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15359 MEDIUM This Month

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure A6 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15358 MEDIUM This Month

The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Z250 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15357 MEDIUM This Month

The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure I6A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15356 MEDIUM This Month

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Flair Z1 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15355 MEDIUM This Month

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Camon Iclick Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15354 MEDIUM This Month

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Armor 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15353 MEDIUM This Month

The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure N3C Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15352 MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Mega 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18978 MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-11174 MEDIUM This Month

Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-11172 MEDIUM This Month

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-0150 MEDIUM PATCH This Month

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2019-18649 MEDIUM This Month

When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ng Firewall
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-18648 MEDIUM This Month

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ng Firewall
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-17391 MEDIUM This Month

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Esp32 D0Wd Firmware Esp32 D2Wd Firmware Esp32 S0Wd Firmware Esp32 Pico D4 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-11113 MEDIUM This Month

Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Graphics Driver Cloud Backup +3
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-0117 MEDIUM This Month

Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 6970Hq Firmware Core I7 6920Hq Firmware Core I7 6870Hq Firmware +159
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-8244 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-8243 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-8242 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-8241 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy