Skip to main content
CVE-2019-9202 HIGH POC THREAT This Week

Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Incident Manager
NVD
CVSS 3.1
8.8
EPSS
24.2%
CVE-2019-9164 HIGH POC THREAT This Week

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
46.0%
CVE-2019-1754 HIGH PATCH This Week

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2019-1753 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2019-1743 HIGH PATCH This Week

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-1747 HIGH PATCH This Week

A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
2.4%
CVE-2019-1740 HIGH PATCH This Week

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe iOS
NVD
CVSS 3.1
8.6
EPSS
2.2%
CVE-2019-3710 HIGH This Week

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dell Emc Networking Os10
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2019-9166 HIGH This Week

Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP Privilege Escalation Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-1003048 HIGH PATCH This Week

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Prqa
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-7524 HIGH This Week

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dovecot Debian Linux Ubuntu Linux Leap
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-1745 HIGH PATCH This Week

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0225 HIGH PATCH This Week

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Jspwiki
NVD
CVSS 3.1
7.5
EPSS
10.3%
CVE-2019-0222 HIGH PATCH This Week

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Activemq E Series Santricity Web Services Communications Diameter Signaling Router +5
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2019-0212 HIGH PATCH This Week

In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Hbase
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-6605 HIGH This Week

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Edge Gateway +9
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-6603 HIGH This Week

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Edge Gateway +9
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-6602 HIGH This Week

In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-1003043 HIGH PATCH This Week

A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jenkins Slack Notification
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-5739 HIGH This Week

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js Leap
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-5737 HIGH This Week

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js Leap
NVD
CVSS 3.1
7.5
EPSS
16.2%
CVE-2019-6542 HIGH This Week

ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-1752 HIGH PATCH This Week

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1751 HIGH PATCH This Week

A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-1741 HIGH PATCH This Week

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-1739 HIGH PATCH This Week

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1738 HIGH PATCH This Week

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1750 HIGH PATCH This Week

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-1749 HIGH PATCH This Week

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2019-1748 HIGH PATCH This Week

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Cisco Apple Information Disclosure iOS +1
NVD
CVSS 3.1
7.4
EPSS
1.2%
CVE-2019-3869 HIGH PATCH This Week

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Ansible Tower
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-1756 HIGH PATCH This Week

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure iOS Ios Xe
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2019-1755 HIGH PATCH This Week

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.0
7.2
EPSS
3.5%
CVE-2019-1003044 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins CSRF Slack Notification
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2019-5674 HIGH PATCH This Week

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service RCE Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy