Skip to main content
CVE-2019-11506 HIGH POC PATCH This Week

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Graphicsmagick Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-11505 HIGH POC PATCH This Week

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Graphicsmagick Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-10008 HIGH POC THREAT This Week

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Session Fixation Zoho Servicedesk Plus
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
19.7%
CVE-2019-9928 HIGH Act Now

A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to execute arbitrary code by sending a specially crafted response from a malicious RTSP server. The vulnerability affects all GStreamer versions prior to 1.16.0 and requires user interaction (connecting to a malicious server), with a CVSS score of 8.8 indicating high severity. While no active exploitation has been confirmed (not in KEV), the vulnerability has been publicly disclosed with security advisories available, and the attack vector is relatively straightforward for attackers with RTSP protocol knowledge.

RCE Buffer Overflow Gstreamer Debian Linux Ubuntu Linux
NVD VulDB
CVSS 3.0
8.8
EPSS
17.3%
CVE-2019-7212 HIGH POC This Week

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Smartermail
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2019-10239 HIGH POC This Week

Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Runasspc
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11490 HIGH POC This Week

An issue was discovered in Npcap 0.992. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Npcap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-11503 HIGH POC This Week

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Snapd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-11502 HIGH POC PATCH This Week

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Snapd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-8992 HIGH This Week

The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Activematrix Bpm Activematrix Policy Director Activematrix Service Bus +2
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-8991 HIGH This Week

The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Activematrix Bpm Activematrix Policy Director Activematrix Service Bus +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-11218 HIGH This Week

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bonobo Git Server
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-10691 HIGH This Week

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dovecot Leap
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-9734 HIGH PATCH This Week

Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aquarius Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-9724 HIGH This Week

aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aquarius Cms
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-3786 HIGH This Week

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bosh Backup And Restore
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy