Skip to main content
CVE-2019-11687 HIGH POC THREAT Act Now

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Information Disclosure Microsoft Dicom Standard
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
13.4%
CVE-2019-11682 CRITICAL POC Act Now

A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mailcarrier
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-9017 HIGH POC THREAT This Week

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Dameware Mini Remote Control
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
20.6%
CVE-2018-16988 CRITICAL Act Now

An issue was discovered in Open XDMoD through 7.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Open Xdmod
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-11683 CRITICAL PATCH Act Now

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-11678 CRITICAL Act Now

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2019-11677 CRITICAL Act Now

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
9.8
EPSS
9.4%
CVE-2019-9826 HIGH PATCH This Week

The fulltext search component in phpBB before 3.2.6 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Phpbb
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-11675 HIGH This Week

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Debian Groonga Httpd
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2019-3490 MEDIUM This Month

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Enterprise Server
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-11676 MEDIUM This Month

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy