Skip to main content
CVE-2019-9039 CRITICAL POC PATCH Act Now

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service Information Disclosure Sync Gateway
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-12966 CRITICAL POC Act Now

FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Fehelper
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-6168 CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-6167 CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy