Skip to main content
CVE-2019-7629 CRITICAL POC Act Now

Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tintin Wintin
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2019-8908 CRITICAL POC Act Now

An issue was discovered in WTCMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wtcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-8429 CRITICAL POC Act Now

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8428 CRITICAL POC Act Now

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8427 CRITICAL POC Act Now

daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-8424 CRITICAL POC Act Now

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8423 CRITICAL POC Act Now

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8910 HIGH POC This Week

An issue was discovered in WTCMS 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Wtcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-8907 HIGH POC This Week

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption File Debian Linux +2
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-8904 HIGH POC This Week

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure File Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-6453 HIGH POC THREAT This Week

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Google Mirc
NVD GitHub Exploit-DB
CVSS 3.0
8.1
EPSS
71.8%
CVE-2019-8909 HIGH POC This Week

An issue was discovered in WTCMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wtcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-8903 HIGH POC PATCH THREAT This Week

index.js in Total.js Platform before 3.2.3 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Total Js
NVD GitHub
CVSS 3.0
7.5
EPSS
72.1%
CVE-2019-8433 HIGH POC This Week

JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jtbc Php
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-8372 HIGH POC This Week

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Lha Sys
NVD
CVSS 3.0
7.0
EPSS
0.5%
CVE-2019-8911 MEDIUM POC This Month

An issue was discovered in WTCMS 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8434 MEDIUM POC This Month

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cmseasy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8432 MEDIUM POC This Month

In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cmseasy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8426 MEDIUM POC This Month

skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-8425 MEDIUM POC This Month

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-8917 CRITICAL Act Now

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor
NVD GitHub
CVSS 3.0
9.8
EPSS
36.4%
CVE-2019-0101 CRITICAL PATCH Act Now

Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Intel Unite
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-8902 MEDIUM POC This Month

An issue was discovered in idreamsoft iCMS through 7.0.14. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Icms
NVD GitHub
CVSS 3.0
5.7
EPSS
0.4%
CVE-2019-8436 MEDIUM POC This Month

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0102 HIGH This Week

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Session Fixation Intel Data Center Manager
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-8435 MEDIUM POC This Month

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-8906 MEDIUM POC PATCH This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure File Ubuntu Linux Leap +4
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8905 MEDIUM POC This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Debian Linux File Ubuntu Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8912 HIGH PATCH This Week

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-0109 HIGH This Week

Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-0105 HIGH This Week

Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Privilege Escalation Data Center Manager
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-8919 HIGH This Week

The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Seadroid
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-0107 MEDIUM This Month

Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2019-0106 MEDIUM This Month

Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2019-0111 MEDIUM This Month

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-0110 MEDIUM This Month

Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-0108 MEDIUM This Month

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-0104 MEDIUM This Month

Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-0103 MEDIUM This Month

Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-0112 MEDIUM This Month

Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Data Center Manager
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2019-0127 LOW Monitor

Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Openvino
NVD
CVSS 3.0
3.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy