Skip to main content
CVE-2019-14475 HIGH POC This Week

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ccu2 Firmware Ccu3 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-14521 HIGH POC PATCH This Week

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Path Traversal Energy Logserver
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-14654 HIGH This Week

In Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Joomla
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-10980 HIGH This Week

A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption SCADA
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-3800 HIGH This Week

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Command Line Interface Cloud Foundry Command Line Interface Release Cloud Foundry Deployment Cloud Foundry Deployment Concourse Tasks +42
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2019-4473 HIGH This Week

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java IBM
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-11270 HIGH This Week

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Application Service Cloud Foundry Uaa Operations Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-12264 HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios Garrettcom Magnum Dx940E Firmware Ruggedcom Win7000 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
8.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy