Skip to main content
CVE-2019-14530 HIGH POC PATCH THREAT This Week

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Openemr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
66.9%
CVE-2019-14986 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
8.1
EPSS
2.5%
CVE-2019-14984 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
8.1
EPSS
5.8%
CVE-2019-14993 HIGH POC PATCH This Week

Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Istio
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-14516 HIGH POC This Week

The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Maadhaar
NVD GitHub
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-11207 HIGH This Week

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Loglogic Enterprise Virtual Appliance Loglogic Log Management Intelligence Loglogic Lx825 Firmware +19
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-12806 HIGH This Week

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Unisign
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2019-10942 HIGH This Week

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance X 200 Firmware Scalance X 200Irt Firmware Scalance X 200Rna Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-5299 HIGH This Week

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei RCE Hima Al00B Firmware
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-5223 HIGH This Week

PCManager 9.1.3.1 has an improper authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Pcmanager
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-12808 HIGH This Week

ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Altools
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12807 HIGH This Week

Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Alzip
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-5681 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Information Disclosure RCE Shield Experience
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-9518 HIGH This Week

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +14
NVD GitHub
CVSS 3.1
7.5
EPSS
25.4%
CVE-2019-9517 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Http Server Traffic Server Ubuntu Linux +19
NVD GitHub
CVSS 3.1
7.5
EPSS
27.0%
CVE-2019-9515 HIGH This Week

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +18
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2019-9514 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Ubuntu Linux +24
NVD GitHub
CVSS 3.1
7.5
EPSS
82.8%
CVE-2019-9513 HIGH This Week

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
82.0%
CVE-2019-9512 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Node Js
NVD GitHub
CVSS 3.1
7.5
EPSS
83.4%
CVE-2019-9511 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
58.4%
CVE-2019-10943 HIGH This Week

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-13419 HIGH This Week

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.0
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy