Skip to main content
CVE-2019-12992 HIGH POC THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2019-12991 HIGH POC KEV THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.9%
CVE-2019-13605 HIGH POC THREAT This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webpanel
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
15.3%
CVE-2019-13115 HIGH POC THREAT This Week

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Debian Linux +5
NVD GitHub
CVSS 3.1
8.1
EPSS
11.7%
CVE-2019-13616 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Backports Sle +10
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-13359 HIGH POC THREAT This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Webpanel
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
25.8%
CVE-2019-13618 HIGH POC PATCH This Week

In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-1576 HIGH This Week

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-1575 HIGH This Week

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-13611 HIGH PATCH This Week

An issue was discovered in python-engineio through 3.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF Python Engineio
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-1010057 HIGH This Week

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Nfdump +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2019-6160 HIGH PATCH This Week

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Px12 350R Firmware Ix12 300R Firmware Home Media Network Hard Drive Firmware Storcenter Ix2 200 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10191 HIGH This Week

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Knot Resolver Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-10190 HIGH This Week

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Knot Resolver Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-13612 HIGH This Week

MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mdaemon Email Server
NVD
CVSS 3.0
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy