Skip to main content
CVE-2019-5052 HIGH POC This Week

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Sdl2 Image Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2019-5051 HIGH POC This Week

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sdl2 Image Debian Linux Backports Sle +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-12570 HIGH POC This Week

A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Server Status By Hostname Ip
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-10101 HIGH POC This Week

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Kotlin
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2019-13208 HIGH POC This Week

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Waves Maxx Audio
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2019-10717 HIGH POC PATCH This Week

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Blogengine Net
NVD GitHub
CVSS 3.0
7.1
EPSS
5.4%
CVE-2019-5602 HIGH This Week

In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Freebsd
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-12851 HIGH This Week

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-5630 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nexpose
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-6636 HIGH This Week

On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE CSRF Big Ip Advanced Firewall Manager Big Ip Application Security Manager
NVD
CVSS 3.0
8.4
EPSS
0.9%
CVE-2019-10103 HIGH This Week

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kotlin
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2019-10102 HIGH This Week

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kotlin Ktor
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2019-9872 HIGH This Week

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-13164 HIGH PATCH This Week

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Qemu Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-13074 HIGH This Week

A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-12841 HIGH This Week

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-6631 HIGH This Week

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-6630 HIGH This Week

On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ssl Orchestrator
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-6629 HIGH This Week

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6628 HIGH This Week

On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Policy Enforcement Manager
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-12847 HIGH This Week

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.0
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy