Skip to main content
CVE-2019-1936 HIGH POC THREAT Act Now

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
7.2
EPSS
39.5%
CVE-2019-13477 HIGH POC This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Webpanel
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-14257 HIGH POC This Week

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zenoss
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-14258 HIGH POC This Week

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Zenoss
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-15316 HIGH POC This Week

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Steam Client
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2019-1907 HIGH This Week

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1865 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-1864 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-12624 HIGH POC THREAT This Week

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple CSRF Ios Xe
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
18.7%
CVE-2019-5041 HIGH This Week

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Aspose Words
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-5033 HIGH This Week

An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Aspose Cells
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-5032 HIGH This Week

An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Aspose Cells
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-5638 HIGH This Week

Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.1
8.7
EPSS
1.0%
CVE-2019-11897 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.0
8.6
EPSS
1.8%
CVE-2019-1863 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-15315 HIGH This Week

Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Steam Client
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14686 HIGH This Week

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-14685 HIGH This Week

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security 2019 Internet Security 2019 Maximum Security 2019 +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-1883 HIGH This Week

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15295 HIGH This Week

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Antivirus 2020
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-15296 HIGH PATCH This Week

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-15293 HIGH This Week

An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Photo Studio
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-11603 HIGH This Week

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-11601 HIGH This Week

A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-1908 HIGH This Week

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-1900 HIGH This Week

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-12634 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Denial Of Service Cisco Integrated Management Controller Supervisor +2
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12627 HIGH This Week

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Information Disclosure Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-12621 HIGH This Week

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx220C M5 Firmware Hyperflex Hx240C M5 Firmware Hyperflex Hx220C Af M5 Firmware +2
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2019-1896 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2019-1885 HIGH This Week

A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2019-1871 HIGH This Week

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco RCE Unified Computing System +1
NVD
CVSS 3.0
7.2
EPSS
3.3%
CVE-2019-1850 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.0
7.2
EPSS
3.5%
CVE-2019-1634 HIGH This Week

A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller Supervisor
NVD
CVSS 3.1
7.2
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy