Skip to main content
CVE-2019-9827 CRITICAL POC PATCH THREAT Act Now

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Hawtio
NVD
CVSS 3.0
9.8
EPSS
26.8%
CVE-2019-13207 CRITICAL POC Act Now

nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Name Server Daemon
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12852 CRITICAL Act Now

An SSRF attack was possible on a JetBrains YouTrack server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9873 CRITICAL Act Now

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9823 CRITICAL Act Now

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9186 CRITICAL Act Now

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Intellij Idea
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2019-5600 CRITICAL Act Now

In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Freebsd
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-12867 CRITICAL Act Now

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12866 CRITICAL Act Now

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-12850 CRITICAL Act Now

A query injection was possible in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Youtrack
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-10104 CRITICAL Act Now

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Intellij Idea
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-10100 CRITICAL Act Now

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Atlassian RCE Youtrack Integration
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-7165 CRITICAL Act Now

A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dosbox Debian Linux Fedora
NVD
CVSS 3.0
9.8
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy