Skip to main content
CVE-2019-12990 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Citrix Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.3%
CVE-2019-12989 CRITICAL POC KEV THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Citrix Netscaler Sd Wan Sd Wan
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.0%
CVE-2019-12988 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.5%
CVE-2019-12987 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
42.6%
CVE-2019-12986 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.5%
CVE-2019-12985 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.5%
CVE-2019-13360 CRITICAL POC THREAT Act Now

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webpanel
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
24.4%
CVE-2019-12992 HIGH POC THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2019-12991 HIGH POC KEV THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.9%
CVE-2019-13605 HIGH POC THREAT This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webpanel
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
15.3%
CVE-2019-13115 HIGH POC THREAT This Week

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Debian Linux +5
NVD GitHub
CVSS 3.1
8.1
EPSS
11.7%
CVE-2019-13616 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Backports Sle +10
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-13359 HIGH POC THREAT This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Webpanel
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
25.8%
CVE-2019-13618 HIGH POC PATCH This Week

In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-13617 MEDIUM POC This Month

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-12834 MEDIUM POC This Month

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Learning Locker
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1010290 MEDIUM POC This Month

Babel: Multilingual site Babel All is affected by: Open Redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Bable
NVD
CVSS 3.0
6.1
EPSS
4.1%
CVE-2019-13603 MEDIUM POC This Month

An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Digital Persona U Are U 4500 Driver Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2019-1010292 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2019-1010043 CRITICAL PATCH Act Now

Quake3e < 5ed740d is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Quake3E
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-1010062 CRITICAL PATCH Act Now

PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pluckcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-1010060 CRITICAL Act Now

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cfitsio
NVD GitHub
CVSS 3.0
9.8
EPSS
7.2%
CVE-2019-13615 MEDIUM POC This Month

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player
NVD GitHub
CVSS 3.0
5.5
EPSS
2.5%
CVE-2019-13383 MEDIUM POC THREAT This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
14.2%
CVE-2019-1576 HIGH This Week

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-1575 HIGH This Week

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-13611 HIGH PATCH This Week

An issue was discovered in python-engineio through 3.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF Python Engineio
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-1010057 HIGH This Week

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Nfdump +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2019-6160 HIGH PATCH This Week

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Px12 350R Firmware Ix12 300R Firmware Home Media Network Hard Drive Firmware Storcenter Ix2 200 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10191 HIGH This Week

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Knot Resolver Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-10190 HIGH This Week

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Knot Resolver Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-13612 HIGH This Week

MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mdaemon Email Server
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-1010018 MEDIUM PATCH This Month

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Java Zammad
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3571 MEDIUM This Month

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whatsapp
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-9700 LOW Monitor

Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Password Manager
NVD
CVSS 3.0
3.9
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy