Skip to main content
CVE-2019-4013 CRITICAL POC THREAT Act Now

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload IBM RCE Bigfix Platform
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
14.1%
CVE-2019-11072 CRITICAL POC PATCH THREAT Act Now

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Lighttpd
NVD GitHub
CVSS 3.0
9.8
EPSS
73.8%
CVE-2019-0285 CRITICAL POC Act Now

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SAP Crystal Reports
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-10945 CRITICAL POC THREAT Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Joomla
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.0%
CVE-2019-7139 CRITICAL POC PATCH THREAT Act Now

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Adobe Magento
NVD
CVSS 3.0
9.8
EPSS
15.4%
CVE-2019-7551 CRITICAL POC Act Now

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Portal
NVD
CVSS 3.1
9.0
EPSS
1.8%
CVE-2019-3943 HIGH POC This Week

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2019-11068 CRITICAL PATCH GHSA Act Now

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Libxslt Ubuntu Linux Debian Linux Fedora +18
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-0036 CRITICAL Act Now

When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-0008 CRITICAL Act Now

A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Buffer Overflow Stack Overflow RCE Junos
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-0040 CRITICAL Act Now

On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Information Disclosure Junos
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2019-11071 HIGH PATCH This Week

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Spip Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-0279 HIGH This Week

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Application Software Integrated Solution
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-0229 HIGH PATCH This Week

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Airflow
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-5425 HIGH PATCH This Week

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Ubiquiti Command Injection Edgeswitch X
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-5424 HIGH PATCH This Week

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Ubiquiti Command Injection Edgeswitch X
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-0041 HIGH This Week

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2019-1003049 HIGH PATCH This Week

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jenkins Information Disclosure Openshift Container Platform Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-0039 HIGH This Week

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2019-6287 HIGH PATCH This Week

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rancher
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2019-9694 HIGH This Week

Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Encryption
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-0032 HIGH This Week

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Service Insight Service Now
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6154 HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Lenovo Information Disclosure Bootable Usb
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-11069 HIGH PATCH This Week

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sequelize
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-0044 HIGH PATCH This Week

Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-0043 HIGH This Week

In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0037 HIGH This Week

In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0033 HIGH This Week

A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-0031 HIGH This Week

Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-0028 HIGH This Week

On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-0019 HIGH This Week

When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-10946 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-0199 HIGH PATCH This Week

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tomcat Apache
NVD
CVSS 3.0
7.5
EPSS
72.9%
CVE-2019-0283 HIGH This Week

SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Process Integration
NVD
CVSS 3.0
7.1
EPSS
0.6%
CVE-2019-0035 MEDIUM This Month

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-6556 MEDIUM This Month

When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Common Components Cx Programmer
NVD
CVSS 3.0
6.6
EPSS
1.2%
CVE-2019-0038 MEDIUM This Month

Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-0284 MEDIUM This Month

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

XXE SAP Hana
NVD
CVSS 3.0
6.0
EPSS
0.4%
CVE-2019-11065 MEDIUM PATCH This Month

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gradle Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-1003050 MEDIUM PATCH This Month

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Jenkins Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-11070 MEDIUM PATCH This Month

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Webkitgtk Wpe Webkit
NVD
CVSS 3.0
5.3
EPSS
3.3%
CVE-2019-0282 MEDIUM This Month

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP Netweaver Process Integration
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-0216 MEDIUM PATCH This Month

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Airflow
NVD
CVSS 3.0
4.8
EPSS
2.8%
CVE-2019-5426 MEDIUM PATCH This Month

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ubiquiti Edgeswitch X
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-3612 MEDIUM This Month

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Data Exchange Layer Threat Intelligence Exchange
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2019-0278 MEDIUM This Month

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-0042 MEDIUM This Month

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Juniper Denial Of Service Microsoft Identity Management Service
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2019-6156 LOW PATCH Monitor

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Lenovo Information Disclosure 510 15Ikl Firmware 510S 08Ikl Firmware Ideacentre 300 20Ish Firmware +174
NVD
CVSS 3.0
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy