Skip to main content
CVE-2019-1620 CRITICAL POC THREAT Emergency

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cisco Data Center Network Manager
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
83.8%
CVE-2019-1619 CRITICAL POC THREAT Emergency

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Data Center Network Manager
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
82.8%
CVE-2019-5786 MEDIUM POC KEV PATCH THREAT This Month

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
61.5%
CVE-2019-12583 CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +11
NVD
CVSS 3.0
9.1
EPSS
43.9%
CVE-2019-7225 HIGH POC This Week

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abb Cp620 Firmware Cp620 Web Firmware Cp630 Firmware +13
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-5827 HIGH POC PATCH This Week

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Integer Overflow Buffer Overflow Chrome Backports +4
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-7226 HIGH POC This Week

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2019-7228 HIGH POC PATCH This Week

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-1622 MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Data Center Network Manager
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
78.9%
CVE-2019-1621 HIGH POC THREAT This Week

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Data Center Network Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
29.8%
CVE-2019-7227 HIGH POC PATCH This Week

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
7.3
EPSS
8.5%
CVE-2019-12581 MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +6
NVD
CVSS 3.0
6.1
EPSS
6.4%
CVE-2019-3632 HIGH This Week

Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-5836 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5831 HIGH This Week

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-5829 HIGH This Week

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5828 HIGH This Week

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5824 HIGH This Week

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5822 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-5821 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5820 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5817 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Microsoft Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-5816 HIGH This Week

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-5813 HIGH This Week

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5811 HIGH This Week

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5809 HIGH This Week

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5808 HIGH This Week

Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-5807 HIGH This Week

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5806 HIGH This Week

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Microsoft Buffer Overflow Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-3628 HIGH This Week

Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-12887 HIGH PATCH This Week

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Linotp
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-5819 HIGH This Week

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Backports Leap +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4252 HIGH This Week

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-3631 HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3630 HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3629 MEDIUM This Month

Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Security Manager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-10177 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE CSRF Cloudforms Management Engine
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-5837 MEDIUM This Month

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-5835 MEDIUM This Month

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Backports +2
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-5834 MEDIUM This Month

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-5832 MEDIUM This Month

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-5830 MEDIUM This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-5818 MEDIUM This Month

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-5814 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-5812 MEDIUM This Month

Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-5810 MEDIUM This Month

Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-5805 MEDIUM This Month

Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +4
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-5785 MEDIUM This Month

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-5784 MEDIUM This Month

Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-5823 MEDIUM This Month

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
5.4
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy