Skip to main content
CVE-2019-11383 CRITICAL POC Act Now

An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Wifi Ftp Server
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11384 CRITICAL POC Act Now

The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Zalora
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2019-11450 CRITICAL POC Act Now

whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Whatsns
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11448 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.4%
CVE-2019-11395 CRITICAL POC THREAT Act Now

A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mailcarrier
NVD
CVSS 3.0
9.8
EPSS
14.6%
CVE-2019-11393 CRITICAL POC Act Now

An issue was discovered in /admin/users/update in M/Monit before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Monit
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-3899 CRITICAL Act Now

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Heketi
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-11418 CRITICAL Act Now

apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tew 632Brp Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11417 CRITICAL Act Now

system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tv Ip110Wn Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11411 CRITICAL PATCH Act Now

An issue was discovered in Artifex MuJS 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mujs
NVD GitHub
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-11403 CRITICAL Act Now

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Cache Node Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-11402 CRITICAL Act Now

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-11235 CRITICAL PATCH Act Now

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Fedora Enterprise Linux Enterprise Linux Eus +6
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-11234 CRITICAL Act Now

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius Fedora Enterprise Linux Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2019-11460 CRITICAL PATCH Act Now

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnome Desktop
NVD
CVSS 3.0
9.0
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy