Skip to main content
CVE-2019-3959 HIGH POC This Week

Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wallacepos
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-5060 HIGH POC This Week

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-14199 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure U Boot
NVD
CVSS 3.0
9.8
EPSS
0.5%
Threat
4.0
CVE-2019-14193 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.5%
Threat
4.0
CVE-2019-14203 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14202 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14201 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14200 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14196 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14198 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14194 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14204 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.4%
Threat
4.0
CVE-2019-14192 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure U Boot
NVD
CVSS 3.0
9.8
EPSS
0.3%
Threat
4.0
CVE-2019-14195 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.0
9.8
EPSS
0.2%
Threat
4.0
CVE-2019-14459 HIGH POC PATCH This Week

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Nfdump Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-3960 HIGH POC This Week

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Wallacepos
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2019-14197 CRITICAL CISA Emergency

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure U Boot
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2019-12797 CRITICAL Act Now

A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elm27 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-14464 MEDIUM POC This Month

XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Milkytracker Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-5020 MEDIUM POC This Month

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yara
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-14456 MEDIUM POC This Month

Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opengear
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-3958 MEDIUM POC This Month

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallacepos
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-14463 CRITICAL PATCH Act Now

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmodbus Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2019-14462 CRITICAL PATCH Act Now

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmodbus Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
2.0%
CVE-2019-10186 HIGH PATCH This Week

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-1901 HIGH This Week

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco RCE Nx Os
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-5059 HIGH This Week

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5058 HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5057 HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-13568 HIGH PATCH This Week

CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cimg
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-10356 HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-10355 HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-10185 HIGH PATCH This Week

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Debian Linux Leap
NVD GitHub
CVSS 3.1
8.6
EPSS
4.0%
CVE-2019-10181 HIGH PATCH This Week

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Icedtea Web Debian Linux Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-14465 HIGH PATCH This Week

fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Schism Tracker
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-12750 HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-4165 HIGH PATCH This Week

IBM StoreIQ 7.6.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Storediq
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-14452 HIGH PATCH This Week

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sigil Flightcrew Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2019-10198 MEDIUM PATCH This Month

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman Tasks Satellite
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-10182 MEDIUM PATCH This Month

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2019-10366 MEDIUM PATCH This Month

Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skytap Cloud Ci
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10358 MEDIUM PATCH This Month

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Maven
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10359 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF M2Release
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2019-7000 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Aura Conferencing
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10364 MEDIUM PATCH This Month

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ec2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10361 MEDIUM PATCH This Month

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure M2Release
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-10345 MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10362 MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10360 MEDIUM PATCH This Month

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins M2 Release
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10363 MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
4.9
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy