| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-4340 | Hig | 0.53 | 8.2 | 0.02 | Aug 20, 2019 | IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:… | ||
| CVE-2019-4338 | Hig | 0.49 | 7.5 | 0.02 | Aug 20, 2019 | IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. | ||
| CVE-2019-2134 | Hig | 0.51 | 7.8 | 0.01 | Aug 20, 2019 | In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:… | ||
| CVE-2019-2133 | Hig | 0.51 | 7.8 | 0.01 | Aug 20, 2019 | In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | ||
| CVE-2019-2132 | Hig | 0.51 | 7.8 | 0.01 | Aug 20, 2019 | It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2… | ||
| CVE-2019-2131 | Hig | 0.51 | 7.8 | 0.01 | Aug 20, 2019 | An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1… | ||
| CVE-2019-2128 | Hig | 0.51 | 7.8 | 0.00 | Aug 20, 2019 | In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2019-2127 | Hig | 0.51 | 7.8 | 0.00 | Aug 20, 2019 | In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.… | ||
| CVE-2019-2126 | Hig | 0.58 | 8.8 | 0.05 | Aug 20, 2019 | In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | ||
| CVE-2019-2125 | Hig | 0.47 | 7.3 | 0.00 | Aug 20, 2019 | In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User… | ||
| CVE-2019-2122 | Hig | 0.47 | 7.3 | 0.00 | Aug 20, 2019 | In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed.… | ||
| CVE-2019-2121 | Hig | 0.46 | 7.0 | 0.00 | Aug 20, 2019 | In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | ||
| CVE-2019-2120 | Hig | 0.51 | 7.8 | 0.00 | Aug 20, 2019 | In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2019-13520 | Hig | 0.51 | 7.8 | 0.03 | Aug 20, 2019 | Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application. | ||
| CVE-2019-11924 | Hig | 0.00 | 7.5 | 0.02 | Aug 20, 2019 | A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00. | ||
| CVE-2019-4460 | Hig | 0.49 | 7.5 | 0.03 | Aug 20, 2019 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID:… | ||
| CVE-2019-4433 | Hig | 0.54 | 8.2 | 0.04 | Aug 20, 2019 | IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or… | ||
| CVE-2019-4419 | Hig | 0.53 | 8.2 | 0.02 | Aug 20, 2019 | IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737. | ||
| CVE-2019-4402 | Hig | 0.49 | 7.5 | 0.02 | Aug 20, 2019 | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | ||
| CVE-2019-4310 | Hig | 0.49 | 7.5 | 0.02 | Aug 20, 2019 | IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | ||
| CVE-2019-4294 | Hig | 0.51 | 7.8 | 0.01 | Aug 20, 2019 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection… | ||
| CVE-2019-4253 | Hig | 0.51 | 7.8 | 0.00 | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941. | ||
| CVE-2019-4117 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. | ||
| CVE-2019-3968 | Hig | 0.58 | 8.8 | 0.10 | Aug 20, 2019 | In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | ||
| CVE-2019-10745 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 20, 2019 | assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload. | |
| CVE-2018-1796 | Hig | 0.51 | 7.8 | 0.00 | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426. | ||
| CVE-2019-11209 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition… | ||
| CVE-2017-18523 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. | ||
| CVE-2019-15238 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | ||
| CVE-2017-18569 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. | ||
| CVE-2016-10915 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | ||
| CVE-2016-10914 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | ||
| CVE-2015-9331 | Hig | 0.49 | 7.5 | 0.01 | Aug 20, 2019 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | ||
| CVE-2015-9318 | Hig | 0.49 | 7.5 | 0.01 | Aug 20, 2019 | The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | ||
| CVE-2014-10381 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. | ||
| CVE-2011-5328 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | The user-access-manager plugin before 1.2 for WordPress has CSRF. | ||
| CVE-2019-14687 | Hig | 0.51 | 7.8 | 0.02 | Aug 20, 2019 | A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684. | ||
| CVE-2019-14684 | Hig | 0.51 | 7.8 | 0.01 | Aug 20, 2019 | A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687. | ||
| CVE-2019-11521 | Hig | 0.53 | 8.1 | 0.02 | Aug 20, 2019 | OX App Suite 7.10.1 allows Content Spoofing. | ||
| CVE-2019-12889 | Hig | 0.46 | 7.0 | 0.01 | Aug 20, 2019 | An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit.… | ||
| CVE-2019-15239 | Hig | 0.00 | 7.8 | 0.01 | Aug 20, 2019 | In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by… | ||
| CVE-2019-15237 | Hig | 0.48 | 7.4 | 0.01 | Aug 20, 2019 | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | ||
| CVE-2019-15229 | Hig | 0.57 | 8.8 | 0.01 | Aug 20, 2019 | FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | ||
| CVE-2019-15225 | Hig | 0.49 | 7.5 | 0.03 | Aug 19, 2019 | In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to… | ||
| CVE-2019-11163 | Hig | 0.51 | 7.8 | 0.00 | Aug 19, 2019 | Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local… | ||
| CVE-2019-11162 | Hig | 0.51 | 7.8 | 0.00 | Aug 19, 2019 | Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | ||
| CVE-2019-11148 | Hig | 0.51 | 7.8 | 0.00 | Aug 19, 2019 | Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-11146 | Hig | 0.51 | 7.8 | 0.00 | Aug 19, 2019 | Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-11145 | Hig | 0.51 | 7.8 | 0.00 | Aug 19, 2019 | Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-0173 | Hig | 0.49 | 7.6 | 0.01 | Aug 19, 2019 | Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. |
- risk 0.53cvss 8.2epss 0.02
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…
- risk 0.49cvss 7.5epss 0.02
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.
- risk 0.51cvss 7.8epss 0.01
In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…
- risk 0.51cvss 7.8epss 0.01
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- risk 0.51cvss 7.8epss 0.01
It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2…
- risk 0.51cvss 7.8epss 0.01
An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1…
- risk 0.51cvss 7.8epss 0.00
In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.51cvss 7.8epss 0.00
In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…
- risk 0.58cvss 8.8epss 0.05
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- risk 0.47cvss 7.3epss 0.00
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User…
- risk 0.47cvss 7.3epss 0.00
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed.…
- risk 0.46cvss 7.0epss 0.00
In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- risk 0.51cvss 7.8epss 0.00
In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.03
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.
- risk 0.00cvss 7.5epss 0.02
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
- risk 0.49cvss 7.5epss 0.03
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID:…
- risk 0.54cvss 8.2epss 0.04
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or…
- risk 0.53cvss 8.2epss 0.02
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.
- risk 0.49cvss 7.5epss 0.02
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.
- risk 0.49cvss 7.5epss 0.02
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.
- risk 0.51cvss 7.8epss 0.01
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection…
- risk 0.51cvss 7.8epss 0.00
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
- risk 0.57cvss 8.8epss 0.01
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.
- risk 0.58cvss 8.8epss 0.10
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
- risk 0.42cvss 7.5epss 0.01
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload.
- risk 0.51cvss 7.8epss 0.00
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
- risk 0.57cvss 8.8epss 0.01
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition…
- risk 0.57cvss 8.8epss 0.01
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
- risk 0.57cvss 8.8epss 0.01
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
- risk 0.57cvss 8.8epss 0.01
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
- risk 0.49cvss 7.5epss 0.01
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
- risk 0.49cvss 7.5epss 0.01
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
- risk 0.57cvss 8.8epss 0.01
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The user-access-manager plugin before 1.2 for WordPress has CSRF.
- risk 0.51cvss 7.8epss 0.02
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.
- risk 0.51cvss 7.8epss 0.01
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.
- risk 0.53cvss 8.1epss 0.02
OX App Suite 7.10.1 allows Content Spoofing.
- risk 0.46cvss 7.0epss 0.01
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit.…
- risk 0.00cvss 7.8epss 0.01
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by…
- risk 0.48cvss 7.4epss 0.01
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
- risk 0.57cvss 8.8epss 0.01
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
- risk 0.49cvss 7.5epss 0.03
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to…
- risk 0.51cvss 7.8epss 0.00
Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local…
- risk 0.51cvss 7.8epss 0.00
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
- risk 0.51cvss 7.8epss 0.00
Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.6epss 0.01
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.