Recent vulnerabilities and exploits

8.8
CVSSv3
CVE-2019-12181

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux....

NA
CVE-2019-13991

Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity....

NA
CVE-2019-7590

ExacqVision Server?s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application...

NA
CVE-2019-5680

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of...

NA
CVE-2019-13989

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c....

NA
CVE-2019-12889

#CVE-2019-12889 Steps to reproduce: At the login screen, disconnect from the office network and join any other Wi-Fi Internet access point. Then select Forgot Password. A browser window will pop up but fail to connect to the password reset intranet site and display an error...

8.6
CVSSv3
CVE-2016-10745

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape....

NA
CVE-2019-12820

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to...

NA
CVE-2019-12821

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By...

5.5
CVSSv3
CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent....