Skip to main content
CVE-2019-7684 CRITICAL POC Act Now

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inxedu
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-7674 CRITICAL POC Act Now

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure S14 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-7653 CRITICAL POC Act Now

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Debian Rdflib Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-7675 HIGH POC This Week

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure S14 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-7663 MEDIUM POC PATCH This Month

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux Ubuntu Linux Leap
NVD
CVSS 3.0
6.5
EPSS
3.4%
CVE-2019-7662 MEDIUM POC This Month

An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-7677 MEDIUM POC This Month

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Envoy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7678 CRITICAL Act Now

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-7665 MEDIUM POC This Month

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Elfutils Debian Linux +9
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-7664 MEDIUM POC This Month

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Elfutils Enterprise Linux +6
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-7659 HIGH This Week

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Gsoap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2019-7673 HIGH This Week

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure S14 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2019-7676 HIGH This Week

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Envoy
NVD GitHub
CVSS 3.0
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy