Skip to main content
CVE-2019-9223 HIGH POC This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-9220 HIGH POC This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-10642 HIGH PATCH This Week

Contao 4.7 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contao Cms
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-6570 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1686 HIGH This Week

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2019-0163 HIGH PATCH This Week

Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure I5 5350U Firmware
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2019-9222 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2019-9499 HIGH PATCH This Week

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant Fedora Backports Sle +5
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2019-9498 HIGH PATCH This Week

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant Fedora Backports Sle +5
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2019-9497 HIGH PATCH This Week

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Hostapd Wpa Supplicant Fedora
NVD
CVSS 3.0
8.1
EPSS
5.4%
CVE-2019-1654 HIGH This Week

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ap Cos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0158 HIGH PATCH This Week

Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Graphics Performance Analyzer
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-10951 HIGH PATCH This Week

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2019-10947 HIGH PATCH This Week

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow RCE Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2019-6575 HIGH This Week

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp443 1 Opc Ua Firmware Simatic Et 200 Open Controller Cpu 1515Sp Pc2 Firmware Simatic Ipc Diagmonitor Firmware Simatic Net Pc Software Firmware +23
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-10953 HIGH This Week

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Abb Schneider Electric
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2018-16561 HIGH This Week

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic S7 300 Firmware Simatic S7 300F Firmware Simatic S7 300Fs Firmware +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-1718 HIGH This Week

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Identity Services Engine
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1712 HIGH This Week

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xr
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-1711 HIGH This Week

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xr
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-9496 HIGH PATCH This Week

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant Fedora
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2019-6568 HIGH This Week

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Cp1604 Firmware Cp1616 Firmware +51
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3883 HIGH This Week

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2019-3798 HIGH This Week

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Capi Release
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-8455 HIGH This Week

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkpoint Zonealarm
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy