Skip to main content
CVE-2019-14809 CRITICAL POC PATCH Act Now

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Go Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
8.4%
CVE-2019-14985 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
9.8
EPSS
11.3%
CVE-2019-12479 CRITICAL POC Act Now

An issue was discovered in 20|20 Storage 2.11.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Twentytwenty Storage
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2019-14530 HIGH POC PATCH THREAT This Week

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Openemr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
66.9%
CVE-2019-14986 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
8.1
EPSS
2.5%
CVE-2019-14984 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
8.1
EPSS
5.8%
CVE-2019-14993 HIGH POC PATCH This Week

Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Istio
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-14516 HIGH POC This Week

The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Maadhaar
NVD GitHub
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-11207 HIGH This Week

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Loglogic Enterprise Virtual Appliance Loglogic Log Management Intelligence Loglogic Lx825 Firmware +19
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-12806 HIGH This Week

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Unisign
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2019-10942 HIGH This Week

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance X 200 Firmware Scalance X 200Irt Firmware Scalance X 200Rna Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-5299 HIGH This Week

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei RCE Hima Al00B Firmware
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-5223 HIGH This Week

PCManager 9.1.3.1 has an improper authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Pcmanager
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-12808 HIGH This Week

ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Altools
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12807 HIGH This Week

Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Alzip
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-5681 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Information Disclosure RCE Shield Experience
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-9518 HIGH This Week

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +14
NVD GitHub
CVSS 3.1
7.5
EPSS
25.4%
CVE-2019-9517 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Http Server Traffic Server Ubuntu Linux +19
NVD GitHub
CVSS 3.1
7.5
EPSS
27.0%
CVE-2019-9515 HIGH This Week

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +18
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2019-9514 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Ubuntu Linux +24
NVD GitHub
CVSS 3.1
7.5
EPSS
82.8%
CVE-2019-9513 HIGH This Week

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
82.0%
CVE-2019-9512 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Node Js
NVD GitHub
CVSS 3.1
7.5
EPSS
83.4%
CVE-2019-9511 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
58.4%
CVE-2019-10943 HIGH This Week

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-13419 HIGH This Week

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2019-10928 MEDIUM This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Siemens Information Disclosure Scalance Sc 600 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-9516 MEDIUM This Month

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.1
6.5
EPSS
56.3%
CVE-2019-5280 MEDIUM This Month

The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure Cloudlink Phone 7900 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2019-13416 MEDIUM This Month

Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Search Guard
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-13415 MEDIUM This Month

Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10927 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure Scalance Xb 200 Firmware Scalance Xc 200 Firmware Scalance Xf 200Ba Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-10929 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +16
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-13420 MEDIUM This Month

Search Guard versions before 21.0 had an timing side channel issue when using the internal user database. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2019-8448 MEDIUM This Month

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Server
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2019-14987 MEDIUM This Month

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy