Skip to main content
CVE-2019-7276 CRITICAL POC THREAT Emergency

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Enterprise Proton
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
93.4%
CVE-2019-7274 CRITICAL POC THREAT Act Now

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Enterprise Proton
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.0%
CVE-2019-7667 CRITICAL POC Act Now

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flexair
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-13131 CRITICAL POC Act Now

Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Superdoctor 5
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-7669 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexair
NVD
CVSS 3.1
8.8
EPSS
31.4%
CVE-2019-7666 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Flexair
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
14.8%
CVE-2019-13024 HIGH POC THREAT This Week

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Centreon
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
32.2%
CVE-2019-12826 HIGH POC This Week

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Widget Logic
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-13128 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.7%
CVE-2019-13136 HIGH POC PATCH This Week

ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-13125 HIGH POC This Week

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Habomalhunter
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-13129 HIGH POC This Week

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cx2L Mwr04L Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-7670 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Flexair
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
18.3%
CVE-2019-13137 MEDIUM POC PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-7275 MEDIUM POC This Month

Optergy Proton/Enterprise devices allow Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Enterprise Proton
NVD
CVSS 3.1
6.1
EPSS
9.1%
CVE-2019-13127 MEDIUM POC PATCH This Month

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Atlassian XSS Draw Io Diagrams Mxgraph
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-12970 MEDIUM POC This Month

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2019-7271 CRITICAL Act Now

Nortek Linear eMerge 50P/5000P devices have Default Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-5497 CRITICAL Act Now

NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aff A700S Firmware Clustered Data Ontap
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-10979 CRITICAL Act Now

SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Msc800 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-7668 CRITICAL Act Now

Prima Systems FlexAir devices have Default Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flexair
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-4336 CRITICAL PATCH Act Now

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-7272 MEDIUM POC THREAT This Month

Optergy Proton/Enterprise devices allow Username Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enterprise Proton
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
10.5%
CVE-2019-7273 HIGH POC This Week

Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Proton
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.5%
CVE-2019-6642 HIGH This Week

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +12
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-13135 HIGH PATCH This Week

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Big Ip Application Acceleration Manager +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-7281 HIGH This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Flexair
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-7280 HIGH This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Flexair
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-9703 HIGH This Week

Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Encryption
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-9702 HIGH This Week

Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Encryption
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-4322 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-4154 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-7279 HIGH This Week

Optergy Proton/Enterprise devices have Hard-coded Credentials. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Proton
NVD
CVSS 3.0
7.3
EPSS
1.8%
CVE-2019-4298 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

PostgreSQL IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-4383 MEDIUM PATCH This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation IBM Oracle Spectrum Protect Plus
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-4357 MEDIUM This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Oracle Spectrum Protect Plus
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-4057 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Microsoft RCE Db2
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-7278 MEDIUM This Month

Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Proton
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-4386 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-1577 MEDIUM This Month

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Paloalto RCE Traps
NVD
CVSS 3.0
6.3
EPSS
0.9%
CVE-2019-13117 MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Libxslt Debian Linux Ubuntu Linux Fedora +2
NVD VulDB
CVSS 3.1
5.3
EPSS
4.4%
CVE-2019-1578 MEDIUM This Month

Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Minemeld
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-4102 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2019-13118 MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt Leap Active Iq Unified Manager +22
NVD VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-13134 MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-13133 MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-4299 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4101 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4410 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4297 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Authentication Bypass IBM LDAP Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.4
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy