Skip to main content
CVE-2019-8341 CRITICAL POC THREAT Act Now

An issue was discovered in Jinja2 2.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jinja2 Leap
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
44.8%
CVE-2019-8347 HIGH POC This Week

BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Beescms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-6974 HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Debian Linux +22
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
16.5%
CVE-2019-8343 HIGH POC This Week

In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Netwide Assembler
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-4059 CRITICAL PATCH Act Now

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass IBM Rational Clearcase
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-0261 CRITICAL Act Now

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Landscape Management
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-0259 CRITICAL Act Now

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Businessobjects
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-8356 MEDIUM POC This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2019-0267 HIGH This Week

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP CSRF Manufacturing Integration And Intelligence
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-0258 HIGH This Week

SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Disclosure Management
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-0257 HIGH This Week

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap Netweaver As Abap
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-8345 MEDIUM POC This Month

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Es File Explorer File Manager
NVD
CVSS 3.0
4.2
EPSS
0.4%
CVE-2019-0255 HIGH This Week

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Advanced Business Application Programming Platform Kernel Advanced Business Application Programming Platform Krnl64Nuc Advanced Business Application Programming Platform Krnl64Uc
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-0266 HIGH This Week

Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Hana Extended Application Services
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-0251 MEDIUM This Month

The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-8357 MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2019-8355 MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2019-0256 MEDIUM This Month

Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure SAP Business One
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-0262 MEDIUM This Month

SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Bi Platform
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-0254 MEDIUM This Month

SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Disclosure Management
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-8354 MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sound Exchange Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2019-0265 MEDIUM This Month

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Advanced Business Application Programming Platform Kernel Advanced Business Application Programming Platform Krnl32Nuc Advanced Business Application Programming Platform Krnl32Uc Advanced Business Application Programming Platform Krnl64Nuc +1
NVD
CVSS 3.0
4.9
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy