Skip to main content
CVE-2019-12219 HIGH POC This Week

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-12185 HIGH POC THREAT This Week

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Elabftw
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.1%
CVE-2019-12214 HIGH POC This Week

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Freeimage
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12212 HIGH POC This Week

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeimage
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-12211 HIGH POC This Week

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Freeimage Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2019-12198 HIGH POC This Week

In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gohttp
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-12239 HIGH POC This Week

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress CSRF Wp Booking System
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-11816 HIGH This Week

Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pfsense Opnsense
NVD
CVSS 3.1
7.2
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy