Skip to main content
CVE-2019-12981 HIGH PATCH This Week

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-10164 HIGH This Week

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Buffer Overflow Stack Overflow RCE Enterprise Linux +2
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-4224 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Pureapplication System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-6166 HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo CSRF Service Bridge
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-12979 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2019-12978 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-12977 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-4241 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-10154 HIGH PATCH This Week

A flaw was found in Moodle before versions 3.7, 3.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-4235 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force IBM Information Disclosure Pureapplication System
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-3569 HIGH PATCH This Week

HHVM, when used with FastCGI, would bind by default to all available interfaces. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6169 HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Service Bridge
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-6163 HIGH This Week

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo System Update
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-11272 HIGH PATCH This Week

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Debian Linux
NVD
CVSS 3.1
7.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy