# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
2351 | CVE-2019-11129 | 125 | | DoS | 2019-06-13 | 2019-06-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2352 | CVE-2019-11128 | 20 | | DoS | 2019-06-13 | 2019-06-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2353 | CVE-2019-11127 | 119 | | DoS Overflow | 2019-06-13 | 2019-06-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2354 | CVE-2019-11126 | 119 | | DoS Overflow | 2019-06-13 | 2019-06-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2355 | CVE-2019-11125 | 20 | | DoS | 2019-06-13 | 2019-06-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2356 | CVE-2019-11124 | 125 | | DoS | 2019-06-13 | 2019-06-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2357 | CVE-2019-11123 | 20 | | DoS | 2019-06-13 | 2019-06-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
2358 | CVE-2019-11117 | 275 | | | 2019-06-13 | 2019-06-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack. |
2359 | CVE-2019-11114 | 20 | | DoS | 2019-05-17 | 2019-05-21 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. |
2360 | CVE-2019-11095 | 284 | | | 2019-05-17 | 2019-05-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. |
2361 | CVE-2019-11094 | 20 | | DoS | 2019-05-17 | 2019-05-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. |
2362 | CVE-2019-11093 | 264 | | | 2019-05-17 | 2019-05-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. |
2363 | CVE-2019-11092 | 254 | | | 2019-06-13 | 2019-06-14 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. |
2364 | CVE-2019-11091 | 200 | | Exec Code +Info | 2019-05-30 | 2019-06-11 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
2365 | CVE-2019-11085 | 20 | | | 2019-05-17 | 2019-05-31 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2366 | CVE-2019-11084 | 79 | | XSS | 2019-04-18 | 2019-04-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies. |
2367 | CVE-2019-11082 | 22 | | Dir. Trav. | 2019-05-10 | 2019-05-10 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive. |
2368 | CVE-2019-11078 | 352 | | CSRF | 2019-04-10 | 2019-04-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. |
2369 | CVE-2019-11077 | 352 | | CSRF | 2019-04-10 | 2019-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. |
2370 | CVE-2019-11071 | 20 | | Exec Code | 2019-04-10 | 2019-05-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. |
2371 | CVE-2019-11070 | 19 | | | 2019-04-10 | 2019-05-13 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. |
2372 | CVE-2019-11069 | 20 | | | 2019-04-10 | 2019-04-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. |
2373 | CVE-2019-11065 | 254 | | | 2019-04-09 | 2019-05-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. |
2374 | CVE-2019-11064 | 255 | | | 2019-08-28 | 2019-10-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator's account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. |
2375 | CVE-2019-11061 | 284 | | | 2019-08-28 | 2019-09-04 | 4.8 | None | Local Network | Low | Not required | Partial | Partial | None |
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). |
2376 | CVE-2019-11057 | 89 | | Exec Code Sql | 2019-05-17 | 2019-05-20 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. |
2377 | CVE-2019-11042 | 119 | | Overflow | 2019-08-09 | 2019-08-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
2378 | CVE-2019-11041 | 119 | | Overflow | 2019-08-09 | 2019-08-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
2379 | CVE-2019-11040 | 119 | | Overflow | 2019-06-18 | 2019-06-20 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
2380 | CVE-2019-11039 | 125 | | Overflow | 2019-06-18 | 2019-06-20 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. |
2381 | CVE-2019-11038 | 20 | | | 2019-06-18 | 2019-08-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. |
2382 | CVE-2019-11036 | 119 | | Overflow | 2019-05-03 | 2019-06-05 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. |
2383 | CVE-2019-11035 | 119 | | Overflow | 2019-04-18 | 2019-06-03 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. |
2384 | CVE-2019-11034 | 119 | | Overflow | 2019-04-18 | 2019-06-03 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. |
2385 | CVE-2019-11033 | 79 | | XSS | 2019-05-16 | 2019-05-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the <iframe./> substring. |
2386 | CVE-2019-11032 | 79 | | XSS | 2019-04-24 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations. |
2387 | CVE-2019-11029 | 22 | | Dir. Trav. | 2019-08-22 | 2019-08-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality. |
2388 | CVE-2019-11028 | 434 | | | 2019-04-09 | 2019-05-03 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx". |
2389 | CVE-2019-11026 | 400 | | | 2019-04-08 | 2019-05-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. |
2390 | CVE-2019-11025 | 79 | | XSS | 2019-04-08 | 2019-04-16 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. |
2391 | CVE-2019-11024 | 20 | | | 2019-04-08 | 2019-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. |
2392 | CVE-2019-11023 | 476 | | | 2019-04-08 | 2019-05-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. |
2393 | CVE-2019-11020 | 200 | | +Info | 2019-07-09 | 2019-07-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs. |
2394 | CVE-2019-11019 | 200 | | +Info | 2019-07-09 | 2019-07-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs. |
2395 | CVE-2019-11018 | 255 | | | 2019-04-08 | 2019-04-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. |
2396 | CVE-2019-11017 | 79 | | XSS | 2019-04-18 | 2019-04-19 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. |
2397 | CVE-2019-11016 | 601 | | | 2019-04-08 | 2019-04-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. |
2398 | CVE-2019-11015 | 255 | | Bypass | 2019-04-18 | 2019-04-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page. |
2399 | CVE-2019-11013 | 22 | | Dir. Trav. | 2019-08-22 | 2019-08-27 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. |
2400 | CVE-2019-11010 | 399 | | DoS | 2019-04-08 | 2019-05-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |