Skip to main content
CVE-2019-15355 MEDIUM This Month

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Camon Iclick Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15354 MEDIUM This Month

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Armor 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15353 MEDIUM This Month

The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure N3C Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15352 MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Mega 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18978 MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-11174 MEDIUM This Month

Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-11172 MEDIUM This Month

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-0150 MEDIUM PATCH This Month

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2019-18649 MEDIUM This Month

When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ng Firewall
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-18648 MEDIUM This Month

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ng Firewall
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-17391 MEDIUM This Month

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Esp32 D0Wd Firmware Esp32 D2Wd Firmware Esp32 S0Wd Firmware Esp32 Pico D4 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-11113 MEDIUM This Month

Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Graphics Driver Cloud Backup +3
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-0117 MEDIUM This Month

Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 6970Hq Firmware Core I7 6920Hq Firmware Core I7 6870Hq Firmware +159
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-8244 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-8243 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-8242 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-8241 MEDIUM This Month

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
4.3
EPSS
3.3%
CVE-2019-15744 LOW Monitor

The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Xperia Xzs Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15467 LOW Monitor

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mix 2S Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15466 LOW Monitor

The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Redmi 6 Pro Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15428 LOW Monitor

The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Note 2 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15427 LOW Monitor

The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mix Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15426 LOW Monitor

The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google 5S Plus Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15425 LOW Monitor

The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek M4S Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15424 LOW Monitor

The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Bl5000 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15423 LOW Monitor

The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Blueboo S1 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15422 LOW Monitor

The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Mix Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15421 LOW Monitor

The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Bv7000 Pro Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15420 LOW Monitor

The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Bv9000Pro F Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15415 LOW Monitor

The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Redmi 5 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15393 LOW Monitor

The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Zenfone Live L1 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15387 LOW Monitor

The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Core 101 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15340 LOW Monitor

The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Redmi 6 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15339 LOW Monitor

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Z60S Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15338 LOW Monitor

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Iris 88 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15337 LOW Monitor

The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Z81 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15336 LOW Monitor

The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Z61 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15335 LOW Monitor

The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Z92 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15334 LOW Monitor

The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Iris 88 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15333 LOW Monitor

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Flair Z1 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-15332 LOW Monitor

The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Z61 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy