Skip to main content
CVE-2019-11489 HIGH POC This Week

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simplybook
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-9900 HIGH POC This Week

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Openshift Service Mesh
NVD GitHub
CVSS 3.1
8.3
EPSS
3.7%
CVE-2019-11488 HIGH POC This Week

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Simplybook
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2019-11518 HIGH POC This Week

An issue was discovered in SEMCMS 3.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-9139 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-9138 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-9137 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-9136 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-9135 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-3900 HIGH PATCH This Week

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux +11
NVD
CVSS 3.1
7.7
EPSS
4.4%
CVE-2019-3721 HIGH This Week

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Openmanage Server Administrator
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-11514 HIGH PATCH This Week

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Flarum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy