Skip to main content
CVE-2019-8545 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-8606 HIGH This Week

A validation issue existed in the handling of symlinks. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2019-19235 HIGH This Week

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft RCE Atk Package
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2019-11086 MEDIUM This Month

Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Active Management Technology Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-8760 MEDIUM This Month

This issue was addressed by improving Face ID machine learning models. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Iphone Os
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-11110 MEDIUM This Month

Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11108 MEDIUM This Month

Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security Management Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11106 MEDIUM This Month

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-11105 MEDIUM This Month

Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Information Disclosure Converged Security Management Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11087 MEDIUM This Month

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Converged Security Management Engine Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-18994 MEDIUM This Month

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Abb Pb610 Panel Builder 600
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-8654 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-8632 MEDIUM This Month

Some analytics data was sent using HTTP rather than HTTPS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Texture
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-8626 MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Iphone Os Watchos
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-8615 MEDIUM This Month

Multiple memory corruption issues were addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Microsoft Apple RCE +6
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-8607 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Information Disclosure Icloud +6
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-8597 MEDIUM This Month

Multiple memory corruption issues were addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +7
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-8554 MEDIUM This Month

A permissions issue existed in the handling of motion and orientation data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-8517 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Iphone Os Mac Os X +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-8515 MEDIUM This Month

A cross-origin issue existed with the fetch API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Icloud Itunes +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-7292 MEDIUM This Month

A validation issue was addressed with improved logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Icloud Itunes +4
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-8608 MEDIUM This Month

Multiple memory corruption issues were addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +7
NVD
CVSS 3.1
6.3
EPSS
1.5%
CVE-2019-18781 MEDIUM This Month

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Open Redirect Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-8813 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-8791 MEDIUM This Month

An issue existed in the parsing of URL schemes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Open Redirect Shazam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-8764 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Watchos Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8719 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud Itunes Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-8690 MEDIUM POC This Month

A logic issue existed in the handling of document loads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +4
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.5%
CVE-2019-8674 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8658 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-8649 MEDIUM POC This Month

A logic issue existed in the handling of synchronous page loads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +4
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.5%
CVE-2019-8625 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud Itunes Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-8551 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +3
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-8505 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-6204 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-11992 MEDIUM This Month

A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware Oneview For Vmware Vcenter
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-19775 MEDIUM PATCH This Month

The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Zulip Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-11090 MEDIUM This Month

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Intel Information Disclosure Platform Trust Technology Firmware Server Platform Services Firmware +1
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2019-16782 MEDIUM PATCH This Month

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Rack Fedora Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
3.7%
CVE-2019-10482 MEDIUM This Month

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +46
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-8804 MEDIUM This Month

An inconsistency in Wi-Fi network configuration settings was addressed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2019-8512 MEDIUM This Month

This issue was addressed with improved transparency. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Iphone Os
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2019-19788 MEDIUM This Month

Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Opera
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-8817 MEDIUM This Month

A validation issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-8798 MEDIUM This Month

A memory corruption issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-8794 MEDIUM This Month

A validation issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-8793 MEDIUM This Month

A consistency issue existed in deciding when to show the screen recording indicator. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-8789 MEDIUM This Month

A validation issue existed in the handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-8770 MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-8731 MEDIUM This Month

A permissions issue existed in which execute permission was incorrectly granted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.8%
Prev Page 6 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy