Skip to main content
CVE-2019-6296 CRITICAL POC Act Now

Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cleanto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-6295 CRITICAL POC Act Now

Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cleanto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-0007 CRITICAL Act Now

The vMX Series software uses a predictable IP ID Sequence Number. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2019-3557 CRITICAL PATCH Act Now

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-0022 CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-0020 CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-0006 CRITICAL Act Now

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper RCE Junos
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-0002 CRITICAL Act Now

On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
9.8
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy