Skip to main content
CVE-2019-9811 HIGH POC This Week

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +3
NVD
CVSS 3.1
8.3
EPSS
2.6%
CVE-2019-11696 HIGH POC This Week

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-14243 HIGH POC PATCH This Week

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Proxyprotocol
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2019-1010173 HIGH POC This Week

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jsish
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1010209 HIGH POC PATCH This Week

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload WordPress Gourl
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-1010171 HIGH POC This Week

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jsish
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1010170 HIGH POC This Week

Jsish 2.4.77 2.0477 is affected by: Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Jsish
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1010169 HIGH POC This Week

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Jsish
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-14241 HIGH POC THREAT This Week

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Haproxy
NVD GitHub
CVSS 3.0
7.5
EPSS
70.2%
CVE-2019-1010123 HIGH POC This Week

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Modx Revolution
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-2767 HIGH POC PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.0
7.2
EPSS
5.2%
CVE-2019-2859 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-2844 HIGH PATCH This Week

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2019-2832 HIGH PATCH This Week

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-11712 HIGH This Week

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Firefox Thunderbird
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-11711 HIGH This Week

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-11707 HIGH POC KEV THREAT This Week

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Thunderbird
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.0%
CVE-2019-2750 HIGH PATCH This Week

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Denial Of Service Oracle Micros Retail J
NVD
CVSS 3.0
8.6
EPSS
1.5%
CVE-2019-9818 HIGH This Week

A race condition is present in the crash generation server used to generate data for the crash reporter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Microsoft Mozilla Firefox +2
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-11716 HIGH This Week

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.0
8.3
EPSS
1.4%
CVE-2019-2867 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Oracle Memory Corruption Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2019-2866 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2019-2837 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Crm Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2829 HIGH PATCH This Week

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Requests). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Isupport
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2771 HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Bi Publisher
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2019-2763 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Food And Beverage Applications
NVD
CVSS 3.0
8.2
EPSS
1.4%
CVE-2019-2672 HIGH PATCH This Week

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle One To One Fulfillment
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2668 HIGH PATCH This Week

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle One To One Fulfillment
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2666 HIGH PATCH This Week

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle One To One Fulfillment
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-2561 HIGH PATCH This Week

Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Oracle Retail Xstore Office
NVD
CVSS 3.0
8.2
EPSS
1.4%
CVE-2019-2841 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Investor Servicing
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2019-2754 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Universal Banking
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2019-9821 HIGH This Week

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2019-9815 HIGH This Week

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Apple Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2019-14240 HIGH This Week

WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal CSRF Wcms
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2019-12162 HIGH This Week

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Time Tracker
NVD VulDB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-2833 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Food And Beverage Applications
NVD
CVSS 3.0
7.7
EPSS
1.3%
CVE-2019-2813 HIGH PATCH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Graalvm
NVD
CVSS 3.0
7.7
EPSS
1.3%
CVE-2019-2776 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Database Server
NVD
CVSS 3.0
7.6
EPSS
1.1%
CVE-2019-2865 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-2864 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-2838 HIGH PATCH This Week

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-2836 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Food And Beverage Applications
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-2822 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle MySQL
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-2799 HIGH PATCH This Week

Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span class=font-red><b> ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***</b></span>. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Oracle Database Server
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-2782 HIGH PATCH This Week

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Payments
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-2768 HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-11729 HIGH This Week

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-11723 HIGH This Week

A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-11719 HIGH This Week

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.0
7.5
EPSS
2.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy