Skip to main content
CVE-2019-11224 HIGH POC This Week

HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Amx Mvp5150 Firmware
NVD
CVSS 3.0
8.8
EPSS
6.5%
CVE-2019-5526 HIGH POC This Week

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft VMware Workstation
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
9.0%
CVE-2019-12111 HIGH POC PATCH This Week

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Miniupnpd Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-12110 HIGH POC PATCH This Week

An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Miniupnpd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-12109 HIGH POC PATCH This Week

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Miniupnpd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-12108 HIGH POC PATCH This Week

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Miniupnpd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-12107 HIGH POC PATCH This Week

The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Miniupnpd
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-12106 HIGH POC PATCH This Week

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Miniupnpd
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-9196 HIGH POC This Week

The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Knomi
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-10640 HIGH POC This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-8936 HIGH POC PATCH This Week

NTP through 4.2.8p12 has a NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Clustered Data Ontap Data Ontap Fedora +3
NVD
CVSS 3.1
7.5
EPSS
5.7%
CVE-2019-12101 HIGH POC This Week

coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libnyoci
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-3724 HIGH This Week

RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netwitness Platform Security Analytics
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-12098 HIGH PATCH This Week

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Heimdal Fedora Backports Sle +2
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
4.6%
CVE-2019-1773 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +3
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2019-1772 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +3
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2019-1771 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-1735 HIGH This Week

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-1726 HIGH This Week

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1806 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350,. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Sf200 24 Firmware Sf200 24P Firmware Sf200 48 Firmware +102
NVD
CVSS 3.1
7.7
EPSS
2.1%
CVE-2019-1717 HIGH This Week

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Video Surveillance Manager
NVD
CVSS 3.0
7.5
EPSS
10.1%
CVE-2019-5598 HIGH PATCH This Week

In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Freebsd
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2019-3586 HIGH This Week

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy