Skip to main content
CVE-2019-7225 HIGH POC This Week

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abb Cp620 Firmware Cp620 Web Firmware Cp630 Firmware +13
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-5827 HIGH POC PATCH This Week

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Integer Overflow Buffer Overflow Chrome Backports +4
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-7226 HIGH POC This Week

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2019-7228 HIGH POC PATCH This Week

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-1621 HIGH POC THREAT This Week

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Data Center Network Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
29.8%
CVE-2019-7227 HIGH POC PATCH This Week

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
7.3
EPSS
8.5%
CVE-2019-3632 HIGH This Week

Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-5836 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5831 HIGH This Week

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-5829 HIGH This Week

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5828 HIGH This Week

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5824 HIGH This Week

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5822 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-5821 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5820 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5817 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Microsoft Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-5816 HIGH This Week

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-5813 HIGH This Week

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5811 HIGH This Week

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5809 HIGH This Week

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5808 HIGH This Week

Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-5807 HIGH This Week

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5806 HIGH This Week

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Microsoft Buffer Overflow Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-3628 HIGH This Week

Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-12887 HIGH PATCH This Week

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Linotp
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-5819 HIGH This Week

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Backports Leap +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4252 HIGH This Week

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-3631 HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3630 HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy