Skip to main content
CVE-2019-11640 HIGH POC This Week

An issue was discovered in GNU recutils 1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Recutils
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11639 HIGH POC This Week

An issue was discovered in GNU recutils 1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Recutils
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11632 HIGH POC This Week

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Octopus Deploy Octopus Server
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-0227 HIGH POC PATCH THREAT This Week

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available.

SSRF Apache Axis Agile Engineering Data Management Agile Product Lifecycle Management +34
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.5%
CVE-2019-11638 MEDIUM POC This Month

An issue was discovered in GNU recutils 1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Recutils
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-11637 MEDIUM POC This Month

An issue was discovered in GNU recutils 1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Recutils
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-10952 CRITICAL Act Now

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Compactlogix 5370 L1 Firmware Compactlogix 5370 L2 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
10.0%
CVE-2019-10954 HIGH This Week

An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Compactlogix 5370 L1 Firmware Compactlogix 5370 L2 Firmware Compactlogix 5370 L3 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2019-11641 HIGH This Week

Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agave
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-11636 HIGH This Week

Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zcash
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-11633 HIGH This Week

HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the ingrained unique www.atxsec.com and ayylmao.wpengine.com hostnames within the fake WordPress templates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Honeypress
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-11628 MEDIUM This Month

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Qlikview Server Qlik Analytics Qlik Sense
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-6562 MEDIUM This Month

In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tasy Emr
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4258 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy