Security Vulnerabilities - CVEs Published In June 2019
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-06-13
Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-06-13
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-06-13
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-06-13