Skip to main content
CVE-2019-12744 HIGH POC THREAT This Week

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Seeddms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.7%
CVE-2019-6964 HIGH This Week

A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rdkb Ccsppandm
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6963 HIGH This Week

A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Rdkb Ccsppandm
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2019-1878 HIGH This Week

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Ce Telepresence Tc
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-1874 HIGH PATCH This Week

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco CSRF Prime Service Catalog
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-1626 HIGH This Week

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Sd Wan Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-1624 HIGH This Week

A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Sd Wan
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2019-12901 HIGH This Week

Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Cells
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-1632 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco CSRF Integrated Management Controller Unified Computing System
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2019-3735 HIGH This Week

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs Supportassist For Business Pcs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-1625 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Sd Wan Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6962 HIGH This Week

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Rdkb Ccsppandm
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-1869 HIGH This Week

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Memory Corruption Staros
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-1843 HIGH This Week

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.0
7.5
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy