Skip to main content
CVE-2019-10773 HIGH POC PATCH This Week

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yarn
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-19731 HIGH POC THREAT This Week

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft RCE Roxy Fileman
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
11.6%
CVE-2019-19331 HIGH POC This Week

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Knot Resolver Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-19743 MEDIUM POC This Month

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 615 T1 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.9%
CVE-2019-19368 MEDIUM POC THREAT This Month

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rumpus
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
21.0%
CVE-2019-18269 CRITICAL Act Now

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plc Cj Firmware Plc Cs Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-19826 CRITICAL Act Now

The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Deserialization Views Dynamic Field
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-16778 CRITICAL PATCH Act Now

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-18261 CRITICAL Act Now

In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plc Cj Firmware Plc Cs Firmware Plc Nj Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-18259 CRITICAL Act Now

In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Plc Cj Firmware Plc Cs Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-18830 CRITICAL Act Now

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-18826 CRITICAL Act Now

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-19818 MEDIUM POC This Month

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nitro Free Pdf Reader
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-18191 HIGH This Week

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security As A Service
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-13533 HIGH This Week

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Plc Cj Firmware Plc Cs Firmware
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2019-14610 HIGH PATCH This Week

Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Nuc 8 Mainstream Game Kit Firmware Nuc 8 Mainstream Game Mini Computer Firmware Nuc8I7Bek Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14608 HIGH PATCH This Week

Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Buffer Overflow Intel Nuc 8 Mainstream Game Kit Firmware Nuc 8 Mainstream Game Mini Computer Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14605 HIGH This Week

Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Setup And Configuration Software Platform Discovery Utility
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14603 HIGH PATCH This Week

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Intel Quartus Prime
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14599 HIGH This Week

Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Control Center I
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14568 HIGH PATCH This Week

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Intel Rapid Storage Technology
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-0159 HIGH PATCH This Week

Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Administrative Tools For Intel Network Adapters
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0134 HIGH This Week

Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Dynamic Platform And Thermal Framework
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18579 MEDIUM PATCH This Month

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Dell Information Disclosure Xps 7390 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-18828 MEDIUM This Month

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-14612 MEDIUM PATCH This Month

Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Intel Memory Corruption Nuc 8 Mainstream Game Kit Firmware +18
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-14611 MEDIUM PATCH This Month

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Integer Overflow Intel Nuc 8 Mainstream Game Kit Firmware Nuc 8 Mainstream Game Mini Computer Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-14609 MEDIUM PATCH This Month

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Nuc 8 Mainstream Game Kit Firmware Nuc 8 Mainstream Game Mini Computer Firmware Nuc8I7Bek Firmware +16
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-11157 MEDIUM This Month

Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Information Disclosure Xeon E3 1585 Firmware Xeon E3 1585L Firmware +262
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-5259 MEDIUM This Month

There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware +10
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-13181 MEDIUM This Month

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Serv U Ftp Server
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2019-4560 MEDIUM This Month

IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19783 MEDIUM PATCH This Month

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Imap Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-16779 MEDIUM PATCH This Month

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Excon Backports Sle Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-18827 MEDIUM This Month

On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass RCE Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-14604 MEDIUM PATCH This Month

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Intel Quartus Prime
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11165 MEDIUM PATCH This Month

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Intel Field Programmable Gate Array Software Development Kit For Opencl
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11096 MEDIUM PATCH This Month

Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Intel Ethernet I218 Adapter Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4444 MEDIUM This Month

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-13182 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Serv U Ftp Server
NVD
CVSS 3.1
5.4
EPSS
6.4%
CVE-2019-12414 MEDIUM PATCH This Month

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-12413 MEDIUM PATCH This Month

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Superset
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-14607 MEDIUM This Month

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Xeon Platinum 9282 Firmware +377
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2019-18831 MEDIUM This Month

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Information Disclosure Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy