Skip to main content
CVE-2019-11332 HIGH POC This Week

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mkcms
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-3398 HIGH POC KEV PATCH THREAT This Week

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Atlassian Path Traversal RCE Confluence Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
97.2%
CVE-2019-3718 HIGH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell CSRF Supportassist
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10303 HIGH PATCH This Week

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure Azure Publishersettings Credentials
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10302 HIGH PATCH This Week

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Jira Ext
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10301 HIGH PATCH This Week

A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1797 HIGH This Week

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Wireless Lan Controller Software
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-11331 HIGH This Week

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ntp
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2019-1841 HIGH This Week

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Center
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2019-3719 HIGH PATCH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.

Dell RCE Supportassist
NVD
CVSS 3.1
8.0
EPSS
16.1%
CVE-2019-10300 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab CSRF
NVD
CVSS 3.0
8.0
EPSS
1.4%
CVE-2019-11324 HIGH PATCH This Week

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-3885 HIGH PATCH This Week

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Pacemaker Ubuntu Linux +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-8999 HIGH PATCH This Week

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Unified Endpoint Management
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1840 HIGH This Week

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Network Registrar
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-1837 HIGH This Week

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy