Skip to main content
CVE-2019-11704 CRITICAL POC THREAT Act Now

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2019-11703 CRITICAL POC THREAT Act Now

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2019-1010153 CRITICAL POC Act Now

zzcms 8.3 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-1010152 CRITICAL POC Act Now

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1010150 CRITICAL POC Act Now

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1010149 CRITICAL POC Act Now

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1010148 CRITICAL POC Act Now

zzcms version 8.3 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-1010155 CRITICAL POC Act Now

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service D-Link Dsl 2750U Firmware
NVD
CVSS 3.1
9.1
EPSS
8.6%
CVE-2019-9811 HIGH POC This Week

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +3
NVD
CVSS 3.1
8.3
EPSS
2.6%
CVE-2019-11696 HIGH POC This Week

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-14243 HIGH POC PATCH This Week

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Proxyprotocol
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2019-1010173 HIGH POC This Week

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jsish
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1010209 HIGH POC PATCH This Week

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload WordPress Gourl
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-1010171 HIGH POC This Week

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jsish
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1010170 HIGH POC This Week

Jsish 2.4.77 2.0477 is affected by: Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Jsish
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1010169 HIGH POC This Week

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Jsish
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-14241 HIGH POC THREAT This Week

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Haproxy
NVD GitHub
CVSS 3.0
7.5
EPSS
70.2%
CVE-2019-1010123 HIGH POC This Week

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Modx Revolution
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-2767 HIGH POC PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.0
7.2
EPSS
5.2%
CVE-2019-11721 MEDIUM POC This Month

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-1010202 MEDIUM POC This Month

Jeesite 1.2.7 is affected by: XML External Entity (XXE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Information Disclosure Jeesite
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-11724 MEDIUM POC This Month

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mozilla Firefox Leap
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11708 CRITICAL POC KEV THREAT Act Now

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Thunderbird
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
55.9%
CVE-2019-2856 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-12164 CRITICAL PATCH Act Now

ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubuntu RCE React Native Desktop
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-1010200 CRITICAL PATCH Act Now

Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Google RCE Command Injection Voice Builder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-9820 CRITICAL Act Now

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google Use After Free Mozilla +3
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9819 CRITICAL Act Now

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9814 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-9800 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +2
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-11714 CRITICAL Act Now

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11713 CRITICAL Act Now

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-11710 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-11709 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +4
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-11705 CRITICAL POC Act Now

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.9%
CVE-2019-11693 CRITICAL Act Now

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Thunderbird
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-11692 CRITICAL Act Now

A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11691 CRITICAL Act Now

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-10173 CRITICAL PATCH Act Now

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization Xstream Banking Platform +8
NVD
CVSS 3.1
9.8
EPSS
94.8%
CVE-2019-2828 CRITICAL PATCH Act Now

Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Field Service
NVD
CVSS 3.0
9.6
EPSS
1.6%
CVE-2019-1010162 MEDIUM POC This Month

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jsish
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-1010124 MEDIUM POC This Month

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woocommerce Product Feed
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2019-11717 MEDIUM POC This Month

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Debian Linux +2
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-2775 CRITICAL PATCH Act Now

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Payments
NVD
CVSS 3.0
9.1
EPSS
1.6%
CVE-2019-2859 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-2844 HIGH PATCH This Week

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2019-2832 HIGH PATCH This Week

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-11712 HIGH This Week

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Firefox Thunderbird
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-11711 HIGH This Week

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-11707 HIGH POC KEV THREAT This Week

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Thunderbird
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy