Skip to main content
CVE-2019-6296 CRITICAL POC Act Now

Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cleanto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-6295 CRITICAL POC Act Now

Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cleanto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-6294 HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Easycms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-6292 MEDIUM POC This Month

An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2019-6267 MEDIUM POC This Month

The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Redirect Manager
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-0007 CRITICAL Act Now

The vMX Series software uses a predictable IP ID Sequence Number. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2019-3557 CRITICAL PATCH Act Now

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-0022 CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-0020 CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-0006 CRITICAL Act Now

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper RCE Junos
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-0002 CRITICAL Act Now

On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-6293 MEDIUM POC This Month

An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flex
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2019-6291 MEDIUM POC This Month

An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2019-6290 MEDIUM POC This Month

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2019-0017 HIGH This Week

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper File Upload Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-6289 HIGH This Week

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Dedecms
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-0029 HIGH This Week

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Splunk Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-0014 HIGH PATCH This Week

On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-0013 HIGH PATCH This Week

The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-0012 HIGH PATCH This Week

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-0010 HIGH This Week

An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-0001 HIGH This Week

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Fedora
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2019-0030 HIGH This Week

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents.0 versions prior to 5.0.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-0016 MEDIUM This Month

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-0011 MEDIUM This Month

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-3554 MEDIUM PATCH This Month

Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Wangle
NVD GitHub
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-0003 MEDIUM This Month

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.9
EPSS
2.0%
CVE-2019-0021 MEDIUM This Month

On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.0 versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-0009 MEDIUM This Month

On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-0004 MEDIUM This Month

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0027 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0026 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0025 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0024 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0023 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-0018 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS File Upload Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-0015 MEDIUM This Month

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-0005 MEDIUM This Month

On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-3811 MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux Fedora Leap +1
NVD
CVSS 3.1
5.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy