Skip to main content
CVE-2019-3953 CRITICAL POC Act Now

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2019-12881 HIGH POC This Week

i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Ubuntu Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-7588 HIGH POC This Week

A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Enterprise System Manager
NVD
CVSS 3.0
7.0
EPSS
0.7%
CVE-2019-12874 CRITICAL Act Now

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vlc Media Player
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-4142 HIGH This Week

IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cloud Private
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-12868 HIGH PATCH This Week

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Misp
NVD GitHub VulDB
CVSS 3.0
7.2
EPSS
3.4%
CVE-2019-12133 HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus Manageengine Browser Security Plus Manageengine Desktop Central +15
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-7159 HIGH This Week

OX App Suite 7.10.1 and earlier allows Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-12872 HIGH This Week

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dotcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-10998 MEDIUM This Month

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axc F 2152 Firmware Axc F 2152 Starterkit Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2019-12875 MEDIUM PATCH This Month

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Abuild
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-12592 MEDIUM This Month

A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Web Clipper
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-6965 MEDIUM POC This Month

An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP I Doit
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2019-12823 MEDIUM PATCH This Month

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy