Skip to main content
CVE-2019-12928 CRITICAL POC THREAT Emergency

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Information Disclosure Command Injection Qemu
NVD
CVSS 3.0
9.8
EPSS
23.0%
CVE-2019-12939 CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12929 CRITICAL POC Act Now

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Information Disclosure Command Injection Qemu
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-12951 CRITICAL PATCH Act Now

An issue was discovered in Mongoose before 6.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mongoose
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12292 CRITICAL Act Now

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Appdna
NVD
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy