Skip to main content
CVE-2019-5436 HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE Libcurl Leap +9
NVD VulDB
CVSS 3.1
7.8
EPSS
13.3%
CVE-2019-5440 HIGH POC This Week

Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Revive Adserver
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2019-12372 HIGH POC This Week

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ptransformer Adc
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-0221 MEDIUM POC PATCH THREAT This Month

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tomcat Apache
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
45.6%
CVE-2019-12395 MEDIUM POC PATCH This Month

In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dynmap
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-10967 HIGH This Week

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ovation Ocr400 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2019-10965 HIGH This Week

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Ovation Ocr400 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-7394 HIGH This Week

A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Risk Authentication Strong Authentication
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-5589 HIGH This Week

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Microsoft RCE Forticlient
NVD
CVSS 3.0
7.8
EPSS
2.6%
CVE-2019-5435 LOW POC Monitor

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Curl
NVD
CVSS 3.0
3.7
EPSS
4.9%
CVE-2019-0188 HIGH PATCH This Week

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Camel Enterprise Data Quality Enterprise Manager Base Platform +2
NVD GitHub
CVSS 3.1
7.5
EPSS
8.5%
CVE-2019-12382 MEDIUM PATCH This Month

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-12381 MEDIUM PATCH This Month

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-12380 MEDIUM PATCH This Month

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-12379 MEDIUM PATCH This Month

An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-12378 MEDIUM PATCH This Month

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-7393 MEDIUM This Month

A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Risk Authentication Strong Authentication
NVD
CVSS 3.1
4.3
EPSS
2.3%
CVE-2019-12383 MEDIUM PATCH This Month

Tor Browser before 8.0.1 has an information exposure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tor Browser
NVD
CVSS 3.1
4.3
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy