Skip to main content
CVE-2019-13028 HIGH POC This Week

An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft RCE PHP Electronic Identification Cards Client
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2019-9846 HIGH POC This Week

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rockoa
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-12997 HIGH POC This Week

In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Loopchain
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-10993 CRITICAL Act Now

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
10.7%
CVE-2019-10991 CRITICAL Act Now

In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2019-10989 CRITICAL Act Now

In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2019-10985 CRITICAL Act Now

In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
9.1
EPSS
3.1%
CVE-2019-10987 HIGH This Week

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2019-13031 HIGH This Week

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Lemonldap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-10983 HIGH This Week

In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webaccess
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-9843 HIGH PATCH This Week

In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Gradle Maven
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-4269 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-13012 HIGH PATCH This Week

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Glib
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-12995 HIGH This Week

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Istio
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-10964 HIGH This Week

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Minimed 508 Firmware Minimed Paradigm 511 Firmware Minimed Paradigm 512 Firmware Minimed Paradigm 712 Firmware +15
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2019-10175 MEDIUM This Month

A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Containerized Data Importer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-12932 MEDIUM This Month

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Seeddms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13032 MEDIUM This Month

An issue was discovered in FlightCrew v0.9.2 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Flightcrew
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy