Skip to main content
CVE-2019-13272 HIGH POC KEV PATCH THREAT Act Now

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +19
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
52.2%
CVE-2019-3969 HIGH POC This Week

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-13623 HIGH POC This Week

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal RCE Ghidra
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
5.0%
CVE-2019-1010283 HIGH POC PATCH This Week

Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Univention Corporate Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-13619 HIGH POC This Week

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wireshark Fedora Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2019-13403 HIGH POC This Week

Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cwx
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-12876 HIGH POC This Week

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus Manageengine Adselfservice Plus Manageengine Desktop Central
NVD
CVSS 3.0
7.3
EPSS
4.6%
CVE-2019-13637 HIGH This Week

In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Join Me
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-1919 HIGH This Week

A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Findit Network Manager Findit Network Probe
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-11771 HIGH This Week

AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openj9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-8932 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-8931 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-12914 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12911 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12175 HIGH This Week

In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zeek
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10353 HIGH PATCH This Week

CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins CSRF
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-4430 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Maximo Asset Management
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-1010083 HIGH PATCH This Week

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Flask
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-1920 HIGH This Week

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Aironet 3700E Firmware Aironet 3700I Firmware +2
NVD
CVSS 3.1
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy