Skip to main content
CVE-2019-5448 HIGH POC PATCH This Week

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Yarn
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-5459 HIGH POC This Week

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player Backports Sle Backports +1
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2019-5455 MEDIUM POC This Month

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Nextcloud
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-5450 MEDIUM POC This Month

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nextcloud Google
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-14443 MEDIUM POC This Month

An issue was discovered in Libav 12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14442 MEDIUM POC This Month

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14441 MEDIUM POC This Month

An issue was discovered in Libav 12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-5453 MEDIUM POC This Month

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Nextcloud
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-14318 MEDIUM POC PATCH This Month

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.0
5.9
EPSS
3.2%
CVE-2019-5454 CRITICAL PATCH Act Now

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Nextcloud Google
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-13026 CRITICAL Act Now

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Eshop
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-14313 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress PHP Photo Gallery
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-11202 CRITICAL PATCH Act Now

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rancher
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-5460 MEDIUM POC This Month

Double Free in VLC versions <= 3.0.6 leads to a crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vlc Media Player Backports Leap
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2019-14444 MEDIUM POC This Month

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils Leap Ubuntu Linux +2
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-5458 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http File Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5457 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Min Http Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10141 CRITICAL PATCH Act Now

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Denial Of Service Ironic Inspector Openstack
NVD
CVSS 3.0
9.1
EPSS
2.5%
CVE-2019-13635 CRITICAL PATCH Act Now

The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal WordPress Wp Fastest Cache
NVD
CVSS 3.0
9.1
EPSS
44.4%
CVE-2019-10138 HIGH PATCH This Week

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Red Hat Novajoin
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-14405 HIGH This Week

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-14401 HIGH This Week

cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-14398 HIGH This Week

cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-14392 HIGH This Week

cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-5456 HIGH This Week

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ubiquiti Information Disclosure Unifi Controller
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2019-10161 HIGH PATCH This Week

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Libvirt Enterprise Linux Virtualization +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10142 HIGH This Week

A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14400 HIGH This Week

cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cpanel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14389 HIGH This Week

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-10162 HIGH PATCH This Week

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Authoritative Leap
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-14388 HIGH This Week

cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-14381 HIGH This Week

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libopenmpt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-14439 HIGH PATCH This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Fedora Drill +14
NVD GitHub
CVSS 3.1
7.5
EPSS
10.8%
CVE-2019-7615 HIGH PATCH This Week

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Apm Agent Ruby
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2019-11775 HIGH This Week

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openj9 Satellite Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.1
7.4
EPSS
1.5%
CVE-2019-10152 HIGH PATCH This Week

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).

Path Traversal Libpod Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-14399 HIGH This Week

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2019-4456 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Daeja Viewone
NVD
CVSS 3.1
7.1
EPSS
1.9%
CVE-2019-4062 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM I2 Intelligent Analysis Platform
NVD
CVSS 3.1
7.1
EPSS
1.6%
CVE-2019-14242 MEDIUM This Month

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Microsoft Antivirus Plus Endpoint Security Tool Internet Security +1
NVD
CVSS 3.0
6.7
EPSS
0.6%
CVE-2019-14383 MEDIUM PATCH This Month

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt Leap
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-14382 MEDIUM PATCH This Month

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14380 MEDIUM PATCH This Month

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libopenmpt Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10129 MEDIUM This Month

A vulnerability was found in postgresql versions 11.x prior to 11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-14327 MEDIUM This Month

A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Custom Simple Rss
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-5452 LOW POC Monitor

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nextcloud Google
NVD
CVSS 3.1
2.4
EPSS
0.4%
CVE-2019-14406 MEDIUM This Month

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-14387 MEDIUM This Month

cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7614 MEDIUM PATCH This Month

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-14409 MEDIUM This Month

cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy