Skip to main content
CVE-2019-10044 HIGH POC This Week

Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Telegram Telegram Desktop
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2019-7642 HIGH POC This Week

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 817Lw Firmware Dir 816L Firmware Dir 816 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-10042 HIGH POC This Week

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-10012 HIGH POC This Week

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Internet Campus Solution Moxiemanager
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-3857 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3856 HIGH PATCH This Week

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3863 HIGH PATCH This Week

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Libssh2 Debian Linux Ontap Select Deploy Administration Utility +7
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-7611 HIGH PATCH This Week

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Elastic Elasticsearch
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-3879 HIGH This Week

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ovirt Virtualization
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2019-0204 HIGH PATCH This Week

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Docker Apache Mesos Fuse
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2019-3484 HIGH This Week

Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Arcsight Logger
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-7613 HIGH This Week

Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Winlogbeat
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-4046 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-6240 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-3481 HIGH This Week

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Arcsight Logger
NVD
CVSS 3.0
7.1
EPSS
1.7%
CVE-2019-3827 HIGH PATCH This Week

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no. Rated high severity (CVSS 7.0). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Gvfs
NVD
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy