Skip to main content
CVE-2019-15151 CRITICAL POC PATCH Act Now

AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Adplug Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-15130 CRITICAL POC Act Now

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Humatrix 7
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-15140 HIGH POC PATCH This Week

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15148 MEDIUM POC PATCH This Month

GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Gpmf Parser
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-15147 MEDIUM POC PATCH This Month

GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-15146 MEDIUM POC PATCH This Month

GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-15141 MEDIUM POC PATCH This Month

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-15139 MEDIUM POC PATCH This Month

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.5%
CVE-2019-15149 CRITICAL PATCH Act Now

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mitogen
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15145 MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-15144 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15143 MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-15142 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15129 MEDIUM POC This Month

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Humatrix 7
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-15137 HIGH PATCH This Week

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fast Rtps
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-15136 HIGH PATCH This Week

The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Fast Rtps
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-15135 HIGH This Week

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dds Security
NVD
CVSS 3.0
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy