Skip to main content
CVE-2019-18651 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Infinias Access Control Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-18957 MEDIUM POC This Month

Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microstrategy Library
NVD
CVSS 3.1
6.1
EPSS
4.5%
CVE-2019-15802 MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-18885 MEDIUM POC PATCH This Month

fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-18954 MEDIUM POC PATCH This Month

Pomelo v2.2.5 allows external control of critical state data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pomelo
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-0152 MEDIUM This Month

Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Xeon Platinum 8253 Firmware Xeon Platinum 8256 Firmware +128
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-0151 MEDIUM This Month

Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Xeon D 2141I Firmware Xeon D 2177Nt Firmware Xeon D 2161I Firmware Xeon D 2143It Firmware Xeon D 2146Nt Firmware +442
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-0139 MEDIUM PATCH This Month

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Ethernet Controller X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-11136 MEDIUM This Month

Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Xeon Platinum 8253 Firmware +283
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11135 MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora Slackware Apollo 4200 Firmware +156
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-0144 MEDIUM PATCH This Month

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-11179 MEDIUM This Month

Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-3662 MEDIUM This Month

Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Advanced Threat Defense
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-3640 MEDIUM This Month

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Loss Prevention
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-11139 MEDIUM This Month

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Debian Linux Leap Xeon 8153 Firmware +56
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2019-16863 MEDIUM This Month

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure St33Tphf2Espi Firmware St33Tphf2Ei2C Firmware St33Tphf20Spi Firmware St33Tphf20I2C Firmware
NVD
CVSS 3.1
5.9
EPSS
3.3%
CVE-2019-14591 MEDIUM This Month

Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Graphics Driver Cloud Backup Data Availability Services +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-14590 MEDIUM This Month

Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Information Disclosure Graphics Driver Cloud Backup +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-14574 MEDIUM This Month

Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Intel Information Disclosure Graphics Driver +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11089 MEDIUM This Month

Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Graphics Driver Cloud Backup Data Availability Services +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0184 MEDIUM This Month

Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Intel Core I7 8700B Firmware Intel Core I7 8850H Firmware Core I9 9880H Firmware +125
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0185 MEDIUM This Month

Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families;. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 6970Hq Firmware Core I7 6920Hq Firmware Core I7 6870Hq Firmware +138
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0154 MEDIUM This Month

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Ubuntu Linux Pentium J4205 Firmware Pentium N4200 Firmware +144
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-0149 MEDIUM PATCH This Month

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0148 MEDIUM PATCH This Month

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0147 MEDIUM PATCH This Month

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0146 MEDIUM PATCH This Month

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0143 MEDIUM PATCH This Month

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15743 MEDIUM This Month

The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Xperia Touch Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15475 MEDIUM This Month

The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Qualcomm A3 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15474 MEDIUM This Month

The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Qualcomm Cepheus Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15473 MEDIUM This Month

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Qualcomm A2 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15472 MEDIUM This Month

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Qualcomm A2 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15471 MEDIUM This Month

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Qualcomm Information Disclosure Mix 2S Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15470 MEDIUM This Month

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Qualcomm Information Disclosure Redmi Note 6 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15469 MEDIUM This Month

The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Qualcomm Information Disclosure Pad 4 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15468 MEDIUM This Month

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google A2 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15431 MEDIUM This Month

The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure U50A Max Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15430 MEDIUM This Month

The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Bluboo D3 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15392 MEDIUM This Month

The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Zenfone 4 Selfie Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15391 MEDIUM This Month

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Zenfone 4 Selfie Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15390 MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Haier G8 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15386 MEDIUM This Month

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mediatek Google Z60S Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-15385 MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Note 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15384 MEDIUM This Month

The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure A4 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15383 MEDIUM This Month

The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Soul X5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15382 MEDIUM This Month

The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Nova Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15381 MEDIUM This Month

The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure 5515L Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15380 MEDIUM This Month

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Photo Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15379 MEDIUM This Month

The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Primo G3 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy