Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-13 | CVE-2019-12802 | Use After Free vulnerability in multiple products In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. | 7.8 |
2019-06-13 | CVE-2019-10959 | Unrestricted Upload of File with Dangerous Type vulnerability in BD products BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update. | 7.5 |
2019-06-13 | CVE-2019-12799 | Deserialization of Untrusted Data vulnerability in Shopware In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. | 8.8 |
2019-06-13 | CVE-2019-7321 | Use of Uninitialized Resource vulnerability in Artifex Mupdf 1.14.0 Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | 7.5 |
2019-06-13 | CVE-2019-11117 | Unspecified vulnerability in Intel Omni-Path Fabric Manager GUI Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack. | 7.8 |
2019-06-13 | CVE-2019-0164 | Permissions, Privileges, and Access Controls vulnerability in multiple products Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2019-06-13 | CVE-2019-0130 | Cross-site Scripting vulnerability in multiple products Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.4 |
2019-06-13 | CVE-2019-0128 | Permissions, Privileges, and Access Controls vulnerability in Intel Chipset Device Software Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. | 7.8 |
2019-06-13 | CVE-2018-3702 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel ITE Tech Consumer Infrared Driver Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-06-13 | CVE-2018-12147 | Improper Input Validation vulnerability in Intel products Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. | 7.2 |