Skip to main content
CVE-2019-5018 HIGH POC This Week

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free RCE Memory Corruption Sqlite +1
NVD
CVSS 3.1
8.1
EPSS
6.7%
CVE-2019-11878 MEDIUM POC This Month

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Besder Ip20H1 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-1867 CRITICAL Act Now

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cisco Elastic Services Controller
NVD
CVSS 3.0
10.0
EPSS
30.3%
CVE-2019-11066 CRITICAL Act Now

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SSRF Lightopenid
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11059 CRITICAL PATCH Act Now

Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow U Boot
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-5438 MEDIUM POC PATCH This Month

Path traversal using symlink in npm harp module versions <= 0.29.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Harp
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-5437 MEDIUM POC PATCH This Month

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Harp
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-5675 HIGH This Week

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Microsoft Information Disclosure Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-5496 HIGH This Week

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2019-5495 HIGH This Week

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure Oncommand Unified Manager
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-5494 HIGH This Week

OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Unified Manager
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2019-11082 HIGH PATCH This Week

core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Dkpro Core
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-5676 MEDIUM This Month

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft RCE Gpu Display Driver Geforce Experience
NVD VulDB
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-11000 MEDIUM This Month

An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3566 MEDIUM This Month

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2019-5677 MEDIUM This Month

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Buffer Overflow Microsoft +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-11879 MEDIUM This Month

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apache Webrick
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-4204 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-11871 MEDIUM This Month

The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Custom Field Suite
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-11884 LOW PATCH Monitor

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +9
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy