Skip to main content
CVE-2019-11076 CRITICAL POC Act Now

Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cribl
NVD GitHub
CVSS 3.0
9.8
EPSS
3.5%
CVE-2019-7304 CRITICAL POC THREAT Act Now

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Canonical Snapd Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
61.1%
CVE-2019-11469 CRITICAL POC THREAT Act Now

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.4%
CVE-2019-2721 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.2%
CVE-2019-11471 HIGH POC PATCH This Week

libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Libheif
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-2578 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
72.4%
CVE-2019-11487 HIGH POC PATCH This Week

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Use After Free Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-7303 HIGH POC This Week

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Canonical Information Disclosure Snapd Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-2616 HIGH POC KEV PATCH THREAT This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Business Intelligence Publisher
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
92.2%
CVE-2019-11472 MEDIUM POC PATCH This Month

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.4%
CVE-2019-11470 MEDIUM POC PATCH This Month

The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.6%
CVE-2019-2557 MEDIUM POC PATCH This Month

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Oracle Application Testing Suite
NVD GitHub
CVSS 3.0
6.3
EPSS
5.5%
CVE-2019-2638 CRITICAL PATCH Act Now

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle General Ledger
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2019-2633 CRITICAL PATCH Act Now

Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Work In Process
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2019-7727 CRITICAL Act Now

In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Engage
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-2658 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-2646 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-2645 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-11463 MEDIUM POC PATCH This Month

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libarchive
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-2702 CRITICAL PATCH Act Now

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hospitality Cruise Dining Room Management
NVD
CVSS 3.0
9.3
EPSS
1.3%
CVE-2019-2517 CRITICAL PATCH Act Now

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Database Server
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2019-2699 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Microsoft Information Disclosure Oracle Jdk +1
NVD
CVSS 3.1
9.0
EPSS
2.9%
CVE-2019-2588 MEDIUM POC PATCH THREAT This Month

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Business Intelligence Publisher
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
37.1%
CVE-2019-10710 HIGH This Week

Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hi3510 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-2723 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-2722 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-2703 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-2696 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-2680 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-2656 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-2598 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.7
EPSS
1.3%
CVE-2019-2579 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
4.3
EPSS
6.1%
CVE-2019-2706 HIGH PATCH This Week

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: BPM Foundation Services). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Process Management Suite
NVD
CVSS 3.0
8.2
EPSS
2.1%
CVE-2019-2705 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2682 HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass File Upload Oracle Applications Framework
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2677 HIGH PATCH This Week

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2675 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Crm Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2671 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Crm Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2665 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Common Applications
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2664 HIGH PATCH This Week

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2663 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2662 HIGH PATCH This Week

Vulnerability in the Oracle Territory Management component of Oracle E-Business Suite (subcomponent: Territory Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Territory Management
NVD
CVSS 3.0
8.2
EPSS
1.2%
CVE-2019-2661 HIGH PATCH This Week

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Email Center
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2660 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Setup, Admin). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2655 HIGH PATCH This Week

Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Business Intelligence (OLTP)). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Interaction Center Intelligence
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2654 HIGH PATCH This Week

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle One To One Fulfillment
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2653 HIGH PATCH This Week

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle One To One Fulfillment
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2652 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2651 HIGH PATCH This Week

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Email Center
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2643 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
1.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy