Skip to main content
CVE-2019-9750 CRITICAL POC Act Now

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Iotivity
NVD
CVSS 3.0
9.1
EPSS
1.3%
CVE-2019-9748 CRITICAL POC Act Now

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tinysvcmdns
NVD
CVSS 3.0
9.1
EPSS
2.4%
CVE-2019-9749 HIGH POC This Week

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-9747 HIGH POC This Week

In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tinysvcmdns
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-9742 HIGH POC This Week

gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Total Security
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-9735 MEDIUM POC PATCH This Month

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Neutron Openstack Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2019-9741 MEDIUM POC This Month

An issue was discovered in net/http in Go 1.11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Go Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2019-9740 MEDIUM POC This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Python
NVD
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-9738 MEDIUM POC This Month

jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gopher
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9737 MEDIUM POC This Month

Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-9736 MEDIUM POC This Month

DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 1024Tools
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1723 CRITICAL PATCH Act Now

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Cisco Common Services Platform Collector
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2019-9754 MEDIUM POC This Month

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tinycc
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-3785 HIGH This Week

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Capi Release
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2019-3716 HIGH This Week

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Archer Grc Platform
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6596 HIGH This Week

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-9746 HIGH PATCH This Week

In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libwebm
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-6597 HIGH This Week

In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-3711 HIGH This Week

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rsa Authentication Manager Authentication Manager
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-6600 MEDIUM This Month

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-6599 MEDIUM This Month

In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-6601 MEDIUM This Month

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Application Acceleration Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-3715 MEDIUM This Month

RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Archer Grc Platform
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-9752 MEDIUM PATCH This Month

An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Otrs Backports Sle Leap
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-9751 MEDIUM PATCH This Month

An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Otrs
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2019-6598 MEDIUM This Month

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy