Skip to main content
CVE-2018-13379 CRITICAL POC KEV THREAT Emergency

Fortinet FortiOS SSL-VPN contains a path traversal vulnerability allowing unauthenticated attackers to download system files including session tokens and credentials, massively exploited from 2019 onward by APT and ransomware groups.

NVD Exploit-DB
CVSS 3.1
9.1
EPSS
94.5%
Threat
9.7
CVE-2019-12210 HIGH POC PATCH This Week

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pam U2F
NVD GitHub
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-12728 HIGH POC PATCH This Week

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Grails
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2019-12209 HIGH POC PATCH This Week

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pam U2F
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2019-12727 HIGH POC This Week

On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubiquiti Information Disclosure Aircam Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12730 CRITICAL PATCH Act Now

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-5285 HIGH This Week

Some Huawei S series switches have a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service S12700 Firmware S1700 Firmware S2300 Firmware +11
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-5298 MEDIUM This Month

There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Ap4050Dn E Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2019-5215 MEDIUM This Month

There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Huawei Information Disclosure P30 Pro Firmware P30 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2019-5300 MEDIUM This Month

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Huawei Ar1200 Firmware Ar1200 S Firmware +9
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2019-5587 MEDIUM This Month

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-5284 MEDIUM This Month

There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Leland Al00A Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-5588 MEDIUM This Month

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortios
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-5586 MEDIUM This Month

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortios
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-5244 MEDIUM This Month

Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 9 Pro Fimware
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2019-10636 MEDIUM This Month

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084,. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 88Ss1074 Firmware 88Ss1079 Firmware 88Ss1080 Firmware 88Ss1093 Firmware +15
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2019-5297 MEDIUM This Month

Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emily L29C Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2019-5283 MEDIUM This Month

There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei P20 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2019-5217 MEDIUM This Month

There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 9 Pro Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2019-5306 MEDIUM This Month

There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei P20 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2019-5281 MEDIUM This Month

There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Y9 2019 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2019-5307 MEDIUM This Month

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Huawei Information Disclosure P30 Firmware P30 Pro Firmware
NVD
CVSS 3.0
4.2
EPSS
0.3%
CVE-2019-5296 LOW Monitor

Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Information Disclosure Mate20 Firmware
NVD
CVSS 3.0
3.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy