Skip to main content
CVE-2019-0232 HIGH POC PATCH THREAT Act Now

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Microsoft Apache Tomcat RCE
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
99.7%
CVE-2019-11229 HIGH POC PATCH THREAT This Week

models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitea RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
55.6%
CVE-2019-3891 HIGH POC This Week

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Satellite
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-11222 HIGH POC PATCH This Week

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpac Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-11221 HIGH POC This Week

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-11228 HIGH PATCH This Week

repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitea Information Disclosure
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy