Skip to main content
CVE-2019-5448 HIGH POC PATCH This Week

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Yarn
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-5459 HIGH POC This Week

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player Backports Sle Backports +1
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2019-10138 HIGH PATCH This Week

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Red Hat Novajoin
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-14405 HIGH This Week

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-14401 HIGH This Week

cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-14398 HIGH This Week

cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-14392 HIGH This Week

cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-5456 HIGH This Week

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ubiquiti Information Disclosure Unifi Controller
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2019-10161 HIGH PATCH This Week

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Libvirt Enterprise Linux Virtualization +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10142 HIGH This Week

A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14400 HIGH This Week

cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cpanel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14389 HIGH This Week

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-10162 HIGH PATCH This Week

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Authoritative Leap
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-14388 HIGH This Week

cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-14381 HIGH This Week

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libopenmpt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-14439 HIGH PATCH This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Fedora Drill +14
NVD GitHub
CVSS 3.1
7.5
EPSS
10.8%
CVE-2019-7615 HIGH PATCH This Week

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Apm Agent Ruby
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2019-11775 HIGH This Week

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openj9 Satellite Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.1
7.4
EPSS
1.5%
CVE-2019-10152 HIGH PATCH This Week

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).

Path Traversal Libpod Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-14399 HIGH This Week

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2019-4456 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Daeja Viewone
NVD
CVSS 3.1
7.1
EPSS
1.9%
CVE-2019-4062 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM I2 Intelligent Analysis Platform
NVD
CVSS 3.1
7.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy