Skip to main content
CVE-2019-3959 HIGH POC This Week

Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wallacepos
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-5060 HIGH POC This Week

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-14459 HIGH POC PATCH This Week

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Nfdump Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-3960 HIGH POC This Week

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Wallacepos
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2019-10186 HIGH PATCH This Week

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-1901 HIGH This Week

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco RCE Nx Os
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-5059 HIGH This Week

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5058 HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5057 HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-13568 HIGH PATCH This Week

CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cimg
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-10356 HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-10355 HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-10185 HIGH PATCH This Week

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Debian Linux Leap
NVD GitHub
CVSS 3.1
8.6
EPSS
4.0%
CVE-2019-10181 HIGH PATCH This Week

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Icedtea Web Debian Linux Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-14465 HIGH PATCH This Week

fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Schism Tracker
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-12750 HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-4165 HIGH PATCH This Week

IBM StoreIQ 7.6.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Storediq
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-14452 HIGH PATCH This Week

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sigil Flightcrew Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy