Skip to main content
CVE-2019-9210 HIGH POC This Week

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Advancecomp Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-9211 MEDIUM POC This Month

There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pspp Fedora Backports
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-8410 MEDIUM POC This Month

Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Maccms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9212 CRITICAL PATCH Act Now

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Sofa Hessian
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-4061 MEDIUM POC THREAT This Month

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
22.5%
CVE-2019-5670 HIGH PATCH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Information Disclosure Nvidia Buffer Overflow Microsoft +2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5669 HIGH PATCH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Nvidia Buffer Overflow Microsoft Denial Of Service Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5668 HIGH PATCH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Nvidia Denial Of Service Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5667 HIGH PATCH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Nvidia Microsoft RCE +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5666 HIGH PATCH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5665 HIGH PATCH This Week

NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Microsoft RCE Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-5491 HIGH This Week

Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2019-5671 MEDIUM PATCH This Month

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nvidia Denial Of Service Microsoft Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-7006 MEDIUM This Month

Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure One X Communicator
NVD
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy