Skip to main content
CVE-2019-9733 CRITICAL POC THREAT Act Now

An issue was discovered in JFrog Artifactory 6.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Artifactory
NVD
CVSS 3.0
9.8
EPSS
53.9%
CVE-2019-9974 CRITICAL POC Act Now

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD
CVSS 3.0
9.1
EPSS
2.9%
CVE-2019-11078 HIGH POC This Week

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Mkcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-11077 HIGH POC This Week

FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fastadmin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-9975 HIGH POC This Week

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-3914 HIGH POC THREAT This Week

Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fios Quantum Gateway G1100 Firmware
NVD
CVSS 3.0
7.2
EPSS
29.9%
CVE-2019-3460 MEDIUM POC PATCH This Month

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3459 MEDIUM POC PATCH This Month

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +14
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-7219 MEDIUM POC This Month

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webaccess
NVD GitHub
CVSS 3.0
6.1
EPSS
5.2%
CVE-2019-7644 CRITICAL PATCH Act Now

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Auth0 Wcf Service Jwt
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-5715 CRITICAL PATCH Act Now

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Silverstripe
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-6318 CRITICAL Act Now

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack HP RCE Color Laserjet Cm4540 Mfp Firmware Color Laserjet Enterprise Cp5525 Firmware +141
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-6493 MEDIUM POC This Month

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smart Defrag
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-5672 CRITICAL Act Now

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Jetson Tx1 Jetson Tx2
NVD
CVSS 3.0
9.1
EPSS
1.4%
CVE-2019-6525 HIGH This Week

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wonderware System Platform
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-9056 HIGH This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-9976 HIGH This Week

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure H660Rm Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-6610 HIGH This Week

On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2019-3845 HIGH This Week

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Satellite
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2019-6534 HIGH PATCH This Week

The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sentinel Ultrapro Client Library
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-5024 HIGH This Week

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartlinx Neuron 2 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2019-9628 HIGH This Week

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xmltooling Ubuntu Linux Leap
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-3916 HIGH This Week

Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fios Quantum Gateway G1100 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-3915 HIGH This Week

Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Fios Quantum Gateway G1100 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2019-6796 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-5673 MEDIUM This Month

NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Jetson Tx2
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2019-3837 MEDIUM PATCH This Month

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Buffer Overflow Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy