Skip to main content
CVE-2019-12828 HIGH POC THREAT This Week

An issue was discovered in Electronic Arts Origin before 10.5.39. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Origin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.3%
CVE-2019-11770 HIGH POC This Week

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buildship
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2019-9842 HIGH POC This Week

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Miniblog
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2019-2259 CRITICAL Act Now

Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Msm8909W Firmware Msm8996au Firmware Qcs605 Firmware +32
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2256 CRITICAL Act Now

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm RCE Mdm9650 Firmware Msm8909W Firmware Msm8996au Firmware +32
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-2255 CRITICAL Act Now

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm RCE Msm8909W Firmware Msm8996au Firmware Qcs605 Firmware +32
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-10126 CRITICAL PATCH Act Now

A flaw was found in the Linux kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Linux Linux Kernel Virtualization +21
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2019-11582 HIGH This Week

An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2019-2257 HIGH This Week

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9650 Firmware +21
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-12822 HIGH PATCH This Week

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Goahead
NVD GitHub
CVSS 3.0
7.5
EPSS
8.8%
CVE-2019-12818 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 4.20.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.5
EPSS
5.5%
CVE-2019-0303 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4381 MEDIUM PATCH This Month

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass IBM
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4239 MEDIUM This Month

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-12819 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-4403 MEDIUM This Month

IBM Connections 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-0316 MEDIUM This Month

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Process Integration
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-10159 MEDIUM This Month

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cfme Gemset Cloudforms
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy