Skip to main content
CVE-2019-6340 HIGH POC KEV PATCH THREAT Act Now

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PHP RCE Deserialization Drupal
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
91.9%
CVE-2019-8985 CRITICAL POC THREAT Act Now

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow Denial Of Service RCE Wf2411 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
13.3%
CVE-2019-8979 CRITICAL POC Act Now

Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kohana
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-8982 CRITICAL POC THREAT Act Now

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Wavemarker Studio
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
25.6%
CVE-2019-8996 CRITICAL Act Now

In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Manager Agents
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-1662 CRITICAL Act Now

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Assurance
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2019-1664 HIGH This Week

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-8955 HIGH This Week

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2019-1681 HIGH This Week

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2019-8980 HIGH This Week

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2019-1659 HIGH This Week

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Prime Infrastructure
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2019-1684 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Phone 8800 Firmware Ip Phone 7800 Firmware Ip Conference Phone 7832 Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1700 MEDIUM This Month

A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID:. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Cisco Firepower 9000 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2019-1685 MEDIUM This Month

A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-1665 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-8984 MEDIUM This Month

MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mdaemon
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8983 MEDIUM This Month

MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mdaemon
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1691 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
2.3%
CVE-2019-5727 MEDIUM This Month

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1666 MEDIUM This Month

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-1698 MEDIUM This Month

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cisco Iot Field Network Director
NVD
CVSS 3.0
4.9
EPSS
3.1%
CVE-2019-1667 LOW Monitor

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx Data Platform
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy