Skip to main content
CVE-2019-13294 CRITICAL POC THREAT Act Now

AROX School-ERP Pro has a command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP School Erp
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.8%
CVE-2019-13292 CRITICAL POC Act Now

A SQL Injection issue was discovered in webERP 4.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Weberp
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.5%
CVE-2019-13275 CRITICAL POC PATCH Act Now

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-13290 HIGH POC This Week

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mupdf
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2019-13289 HIGH POC This Week

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Xpdfreader
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-13283 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-13282 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-13281 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-13262 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13261 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13260 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13259 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13258 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13257 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13256 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13255 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13254 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13253 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13252 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13251 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13250 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13249 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13248 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13247 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13246 HIGH POC This Week

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13245 HIGH POC This Week

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13244 HIGH POC This Week

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13243 HIGH POC This Week

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-13242 HIGH POC This Week

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
2.1%
CVE-2019-13241 HIGH POC This Week

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flightcrew Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-13238 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-13233 HIGH POC PATCH This Week

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.0
EPSS
0.5%
CVE-2019-13239 MEDIUM POC PATCH This Month

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Glpi
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13291 MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2019-13288 MEDIUM POC This Month

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
4.6%
CVE-2019-13287 MEDIUM POC This Month

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-13286 MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-1886 HIGH This Week

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asyncos Web Security Appliance
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2019-1855 HIGH This Week

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft RCE Cisco Jabber
NVD
CVSS 3.1
7.3
EPSS
2.2%
CVE-2019-1889 HIGH This Week

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2019-13226 HIGH PATCH This Week

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. Rated high severity (CVSS 7.0).

Information Disclosure Deepin Clone Fedora
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-1890 MEDIUM This Month

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1884 MEDIUM This Month

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asyncos Web Security Appliance
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-13229 MEDIUM PATCH This Month

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Deepin Clone
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13227 MEDIUM PATCH This Month

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Deepin Clone
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13228 MEDIUM PATCH This Month

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. Rated medium severity (CVSS 4.7).

Privilege Escalation Deepin Clone
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2019-13232 LOW Monitor

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Unzip Debian Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy