Skip to main content
CVE-2019-12255 CRITICAL POC THREAT Act Now

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller Sonicos Siprotec 5 Firmware +8
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
75.2%
CVE-2019-11581 CRITICAL POC KEV THREAT Act Now

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Atlassian Jira Server
NVD
CVSS 3.1
9.8
EPSS
84.6%
CVE-2019-12261 CRITICAL Act Now

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +9
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2019-12260 CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +9
NVD
CVSS 3.1
9.8
EPSS
22.8%
CVE-2019-12256 CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller Sonicos Siprotec 5 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
26.6%
CVE-2019-14801 CRITICAL Act Now

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Fv Flowplayer Video Player
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-14234 CRITICAL PATCH Act Now

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Python Django Fedora +1
NVD
CVSS 3.0
9.8
EPSS
47.7%
CVE-2019-5402 CRITICAL Act Now

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Storeserv Management Console
NVD
CVSS 3.0
9.4
EPSS
4.3%
CVE-2019-5399 CRITICAL Act Now

A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3Par Service Processor Firmware
NVD
CVSS 3.0
9.4
EPSS
2.4%
CVE-2019-5397 CRITICAL Act Now

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 3Par Service Processor Firmware
NVD
CVSS 3.0
9.4
EPSS
4.3%
CVE-2019-5396 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Service Processor Firmware
NVD
CVSS 3.0
9.4
EPSS
5.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy