Skip to main content
CVE-2019-0232 HIGH POC PATCH THREAT Act Now

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Microsoft Apache Tomcat RCE
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
99.7%
CVE-2019-11229 HIGH POC PATCH THREAT This Week

models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitea RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
55.6%
CVE-2019-3891 HIGH POC This Week

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Satellite
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-11222 HIGH POC PATCH This Week

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpac Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-11221 HIGH POC This Week

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-11236 MEDIUM POC PATCH This Month

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Urllib3
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-4202 CRITICAL Act Now

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE IBM Command Injection Api Connect
NVD
CVSS 3.1
10.0
EPSS
4.2%
CVE-2019-6609 CRITICAL Act Now

Platform dependent weakness. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +11
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-4203 CRITICAL Act Now

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF IBM Api Connect
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-4012 CRITICAL Act Now

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Bigfix Webui Profile Management Bigfix Webui Software Distribution
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-6526 CRITICAL Act Now

Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-4178 CRITICAL Act Now

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Cognos Analytics
NVD
CVSS 3.0
9.1
EPSS
3.1%
CVE-2019-11228 HIGH PATCH This Week

repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitea Information Disclosure
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-5517 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
1.1%
CVE-2019-5516 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
1.7%
CVE-2019-5520 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
5.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy