Skip to main content
CVE-2019-9670 CRITICAL POC KEV PATCH THREAT Act Now

Synacor Zimbra Collaboration Suite 8.7.x contains an XML External Entity (XXE) injection vulnerability in the Autodiscover endpoint that allows unauthenticated attackers to read files and achieve server-side request forgery.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2019-6980 CRITICAL Act Now

Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Zimbra Collaboration Suite
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-6957 CRITICAL Act Now

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Access Professional Edition Bosch Video Client Bosch Video Management System +10
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-9732 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9485 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12450 CRITICAL PATCH Act Now

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Glib Debian Linux Enterprise Linux Enterprise Linux Eus +5
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-12165 CRITICAL Act Now

MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micollab Micollab Audio Web Video Conferencing
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-9218 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12440 CRITICAL PATCH Act Now

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Rocks
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-6958 CRITICAL Act Now

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Professional Edition Bosch Video Client Bosch Video Management System Building Integration System +7
NVD
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy