Skip to main content
CVE-2019-9039 CRITICAL POC PATCH Act Now

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service Information Disclosure Sync Gateway
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-12966 CRITICAL POC Act Now

FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Fehelper
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-6168 CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-6167 CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-12976 MEDIUM POC This Month

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
2.4%
CVE-2019-12972 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Binutils Leap Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-12981 HIGH PATCH This Week

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-10164 HIGH This Week

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Buffer Overflow Stack Overflow RCE Enterprise Linux +2
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-4224 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Pureapplication System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-6166 HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo CSRF Service Bridge
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-12979 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2019-12978 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-12977 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-4241 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-10154 HIGH PATCH This Week

A flaw was found in Moodle before versions 3.7, 3.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-4235 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force IBM Information Disclosure Pureapplication System
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-3569 HIGH PATCH This Week

HHVM, when used with FastCGI, would bind by default to all available interfaces. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6169 HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Service Bridge
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-6163 HIGH This Week

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo System Update
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-11272 HIGH PATCH This Week

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Debian Linux
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2019-12982 MEDIUM PATCH This Month

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-12980 MEDIUM PATCH This Month

In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-11583 MEDIUM This Month

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-10133 MEDIUM PATCH This Month

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Moodle
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-12984 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
2.4%
CVE-2019-12975 MEDIUM PATCH This Month

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
2.3%
CVE-2019-12974 MEDIUM PATCH This Month

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
2.3%
CVE-2019-12973 MEDIUM PATCH This Month

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Openjpeg Leap Debian Linux Database Server +1
NVD GitHub
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-12968 MEDIUM PATCH This Month

A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Doomseeker
NVD
CVSS 3.0
5.3
EPSS
2.6%
CVE-2019-4225 MEDIUM PATCH This Month

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Pureapplication System
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-4234 MEDIUM PATCH This Month

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-10134 LOW PATCH Monitor

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Moodle
NVD
CVSS 3.1
3.7
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy