Skip to main content
CVE-2019-7214 CRITICAL POC THREAT Emergency

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Smartermail
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
84.2%
CVE-2019-11506 HIGH POC PATCH This Week

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Graphicsmagick Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-11505 HIGH POC PATCH This Week

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Graphicsmagick Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-10008 HIGH POC THREAT This Week

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Session Fixation Zoho Servicedesk Plus
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
19.7%
CVE-2019-9928 HIGH Act Now

A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to execute arbitrary code by sending a specially crafted response from a malicious RTSP server. The vulnerability affects all GStreamer versions prior to 1.16.0 and requires user interaction (connecting to a malicious server), with a CVSS score of 8.8 indicating high severity. While no active exploitation has been confirmed (not in KEV), the vulnerability has been publicly disclosed with security advisories available, and the attack vector is relatively straightforward for attackers with RTSP protocol knowledge.

RCE Buffer Overflow Gstreamer Debian Linux Ubuntu Linux
NVD VulDB
CVSS 3.0
8.8
EPSS
17.3%
CVE-2019-7212 HIGH POC This Week

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Smartermail
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2019-10239 HIGH POC This Week

Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Runasspc
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11490 HIGH POC This Week

An issue was discovered in Npcap 0.992. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Npcap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-11503 HIGH POC This Week

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Snapd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-11502 HIGH POC PATCH This Week

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Snapd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-11498 MEDIUM POC PATCH This Month

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Wavpack Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
3.0%
CVE-2019-8993 CRITICAL Act Now

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Activematrix Bpm Activematrix Policy Director Activematrix Service Bus Activematrix Service Grid +1
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-11217 CRITICAL PATCH Act Now

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Bonobo Git Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-9951 CRITICAL Act Now

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload My Cloud Mirror Gen 2 Firmware My Cloud Ex2 Ultra Firmware My Cloud Ex2100 Firmware +6
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9950 CRITICAL Act Now

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force My Cloud Firmware My Cloud Mirror Gen2 Firmware My Cloud Ex2 Ultra Firmware +6
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-3793 CRITICAL Act Now

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Application Service
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-11081 CRITICAL Act Now

A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sidexis
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-8992 HIGH This Week

The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Activematrix Bpm Activematrix Policy Director Activematrix Service Bus +2
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-8991 HIGH This Week

The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Activematrix Bpm Activematrix Policy Director Activematrix Service Bus +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-11504 MEDIUM POC This Month

Zotonic before version 0.47 has mod_admin XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zotonic
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.5%
CVE-2019-11218 HIGH This Week

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bonobo Git Server
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-10691 HIGH This Week

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dovecot Leap
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-9734 HIGH PATCH This Week

Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aquarius Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-9724 HIGH This Week

aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aquarius Cms
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-3786 HIGH This Week

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bosh Backup And Restore
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-9635 MEDIUM PATCH This Month

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Google Denial Of Service Tensorflow
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-3789 MEDIUM This Month

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Routing Release
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-7213 MEDIUM This Month

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Smartermail
NVD
CVSS 3.0
6.5
EPSS
42.1%
CVE-2019-8995 MEDIUM This Month

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Activematrix Bpm Silver Fabric Enabler
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11203 MEDIUM This Month

The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Activematrix Business Process Management Silver Fabric Enabler
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-7211 MEDIUM This Month

SmarterTools SmarterMail 16.x before build 6995 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smartermail
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-11032 MEDIUM This Month

In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easytorecruit
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-3882 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel Fedora Debian Linux +10
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-8994 MEDIUM This Month

The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Activematrix Business Process Management Silver Fabric Enabler
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-3868 LOW PATCH Monitor

Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.0
3.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy