Skip to main content
CVE-2019-1937 CRITICAL POC THREAT Emergency

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
75.9%
CVE-2019-1935 CRITICAL POC THREAT Emergency

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
83.4%
CVE-2019-1936 HIGH POC THREAT Act Now

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
7.2
EPSS
39.5%
CVE-2019-10687 CRITICAL POC Act Now

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Kbpublisher
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-15074 CRITICAL POC PATCH Act Now

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD GitHub
CVSS 3.0
9.6
EPSS
2.1%
CVE-2019-13477 HIGH POC This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Webpanel
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-14257 HIGH POC This Week

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zenoss
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-14258 HIGH POC This Week

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Zenoss
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-15316 HIGH POC This Week

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Steam Client
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2019-14246 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Centos Web Panel
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-14245 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Centos Web Panel
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-6177 CRITICAL Act Now

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Information Disclosure Solution Center
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-1974 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2019-1938 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-15111 CRITICAL Act Now

The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wp Front End Profile
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-13476 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webpanel
NVD GitHub
CVSS 3.0
5.4
EPSS
6.5%
CVE-2019-15045 MEDIUM POC This Month

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.0
5.3
EPSS
4.9%
CVE-2019-13599 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2019-1907 HIGH This Week

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1865 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-1864 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-12624 HIGH POC THREAT This Week

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple CSRF Ios Xe
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
18.7%
CVE-2019-5041 HIGH This Week

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Aspose Words
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-5033 HIGH This Week

An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Aspose Cells
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-5032 HIGH This Week

An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Aspose Cells
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-5638 HIGH This Week

Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.1
8.7
EPSS
1.0%
CVE-2019-15292 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 4.7). Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
2.6%
CVE-2019-11897 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.0
8.6
EPSS
1.8%
CVE-2019-1863 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-15315 HIGH This Week

Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Steam Client
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14686 HIGH This Week

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-14685 HIGH This Week

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security 2019 Internet Security 2019 Maximum Security 2019 +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-1883 HIGH This Week

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15295 HIGH This Week

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Antivirus 2020
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-15296 HIGH PATCH This Week

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-15293 HIGH This Week

An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Photo Studio
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-11603 HIGH This Week

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-11601 HIGH This Week

A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-1908 HIGH This Week

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-1900 HIGH This Week

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-12634 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Denial Of Service Cisco Integrated Management Controller Supervisor +2
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12627 HIGH This Week

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Information Disclosure Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-12621 HIGH This Week

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx220C M5 Firmware Hyperflex Hx240C M5 Firmware Hyperflex Hx220C Af M5 Firmware +2
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2019-1896 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2019-1885 HIGH This Week

A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2019-1871 HIGH This Week

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco RCE Unified Computing System +1
NVD
CVSS 3.0
7.2
EPSS
3.3%
CVE-2019-1850 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.0
7.2
EPSS
3.5%
CVE-2019-1634 HIGH This Week

A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2019-1839 MEDIUM This Month

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Phy 120 Firmware Remote Phy 220 Firmware Remote Phy Shelf 7200 Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-1984 MEDIUM This Month

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure Sofware
NVD
CVSS 3.0
6.5
EPSS
1.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy