Skip to main content
CVE-2019-6294 HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Easycms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-0017 HIGH This Week

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper File Upload Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-6289 HIGH This Week

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Dedecms
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-0029 HIGH This Week

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Splunk Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-0014 HIGH PATCH This Week

On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-0013 HIGH PATCH This Week

The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-0012 HIGH PATCH This Week

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-0010 HIGH This Week

An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-0001 HIGH This Week

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Fedora
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2019-0030 HIGH This Week

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents.0 versions prior to 5.0.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy