Skip to main content
CVE-2019-19743 MEDIUM POC This Month

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 615 T1 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.9%
CVE-2019-19368 MEDIUM POC THREAT This Month

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rumpus
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
21.0%
CVE-2019-19818 MEDIUM POC This Month

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nitro Free Pdf Reader
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-18579 MEDIUM PATCH This Month

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Dell Information Disclosure Xps 7390 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-18828 MEDIUM This Month

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-14612 MEDIUM PATCH This Month

Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Intel Memory Corruption Nuc 8 Mainstream Game Kit Firmware +18
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-14611 MEDIUM PATCH This Month

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Integer Overflow Intel Nuc 8 Mainstream Game Kit Firmware Nuc 8 Mainstream Game Mini Computer Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-14609 MEDIUM PATCH This Month

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Nuc 8 Mainstream Game Kit Firmware Nuc 8 Mainstream Game Mini Computer Firmware Nuc8I7Bek Firmware +16
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-11157 MEDIUM This Month

Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Information Disclosure Xeon E3 1585 Firmware Xeon E3 1585L Firmware +262
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-5259 MEDIUM This Month

There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware +10
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-13181 MEDIUM This Month

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Serv U Ftp Server
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2019-4560 MEDIUM This Month

IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19783 MEDIUM PATCH This Month

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Imap Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-16779 MEDIUM PATCH This Month

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Excon Backports Sle Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-18827 MEDIUM This Month

On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass RCE Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-14604 MEDIUM PATCH This Month

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Intel Quartus Prime
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11165 MEDIUM PATCH This Month

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Intel Field Programmable Gate Array Software Development Kit For Opencl
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11096 MEDIUM PATCH This Month

Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Intel Ethernet I218 Adapter Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4444 MEDIUM This Month

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-13182 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Serv U Ftp Server
NVD
CVSS 3.1
5.4
EPSS
6.4%
CVE-2019-12414 MEDIUM PATCH This Month

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-12413 MEDIUM PATCH This Month

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Superset
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-14607 MEDIUM This Month

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Xeon Platinum 9282 Firmware +377
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2019-18831 MEDIUM This Month

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Information Disclosure Clickshare Cs 100 Firmware Clickshare Cse 200 Firmware Clickshare Cse 800 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy