Security Vulnerabilities - CVEs Published In 2019
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-12-16
Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.
CVSS Score
7.6
EPSS Score
0.002
Published
2019-12-16
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-16
Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-12-16
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.
CVSS Score
7.8
EPSS Score
0.006
Published
2019-12-16
Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-16
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.003
Published
2019-12-16
Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-12-16
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-12-16
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-12-16