Skip to main content
CVE-2019-13028 HIGH POC This Week

An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft RCE PHP Electronic Identification Cards Client
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2019-9846 HIGH POC This Week

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rockoa
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-12997 HIGH POC This Week

In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Loopchain
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-10987 HIGH This Week

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2019-13031 HIGH This Week

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Lemonldap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-10983 HIGH This Week

In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webaccess
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-9843 HIGH PATCH This Week

In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Gradle Maven
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-4269 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-13012 HIGH PATCH This Week

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Glib
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-12995 HIGH This Week

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Istio
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-10964 HIGH This Week

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Minimed 508 Firmware Minimed Paradigm 511 Firmware Minimed Paradigm 512 Firmware Minimed Paradigm 712 Firmware +15
NVD
CVSS 3.1
7.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy