Skip to main content
CVE-2019-6340 HIGH POC KEV PATCH THREAT Act Now

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PHP RCE Deserialization Drupal
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
91.9%
CVE-2019-1664 HIGH This Week

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-8955 HIGH This Week

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2019-1681 HIGH This Week

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2019-8980 HIGH This Week

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2019-1659 HIGH This Week

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Prime Infrastructure
NVD
CVSS 3.0
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy