Skip to main content
CVE-2019-12258 HIGH POC THREAT This Week

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Vxworks Sonicos Siprotec 5 Firmware +9
NVD GitHub
CVSS 3.1
7.5
EPSS
23.4%
CVE-2019-11042 HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
7.1
EPSS
4.4%
CVE-2019-11041 HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
7.1
EPSS
4.4%
CVE-2019-5404 HIGH This Week

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection 3Par Storeserv Management Console
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-12257 HIGH This Week

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +6
NVD
CVSS 3.1
8.8
EPSS
84.2%
CVE-2019-5395 HIGH This Week

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload 3Par Service Processor Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-12805 HIGH This Week

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Nc Launcher2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-12263 HIGH This Week

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware +9
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2019-3744 HIGH This Week

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Dell Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-3742 HIGH This Week

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Deserialization Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12259 HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks Sonicos Siprotec 5 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
15.9%
CVE-2019-14806 HIGH PATCH This Week

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Werkzeug Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-14794 HIGH This Week

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Meta Box
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-5405 HIGH This Week

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Storeserv Management Console
NVD
CVSS 3.0
7.3
EPSS
1.6%
CVE-2019-5406 HIGH This Week

A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure 3Par Storeserv Management Console
NVD
CVSS 3.0
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy