Skip to main content
CVE-2019-13027 CRITICAL POC Act Now

Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least in the taskupdt/taskdetails.aspx webpage via the projectname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Concerto Critical Chain Planner
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-13567 HIGH POC This Week

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apple Command Injection Zoom
NVD GitHub
CVSS 3.1
8.8
EPSS
3.8%
CVE-2019-13494 HIGH POC This Week

nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Simple Network Management Protocol Console
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.9%
CVE-2019-13574 HIGH POC PATCH This Week

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Minimagick Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
7.6%
CVE-2019-11360 MEDIUM POC PATCH This Month

A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Iptables
NVD
CVSS 3.1
4.2
EPSS
1.8%
CVE-2019-11242 HIGH This Week

A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

VMware Information Disclosure Dataplatform
NVD GitHub
CVSS 3.0
8.1
EPSS
0.5%
CVE-2019-12731 HIGH This Week

The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Mikogo
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-8998 HIGH PATCH This Week

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s). Rated high severity (CVSS 7.8).

Authentication Bypass Privilege Escalation Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-12827 MEDIUM This Month

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Asterisk Certified Asterisk
NVD
CVSS 3.0
6.5
EPSS
4.2%
CVE-2019-13161 MEDIUM This Month

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Null Pointer Dereference Denial Of Service Certified Asterisk Asterisk Debian Linux
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2019-1010310 LOW PATCH Monitor

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Glpi
NVD GitHub
CVSS 3.0
3.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy