Skip to main content
CVE-2019-15752 HIGH POC KEV THREAT Act Now

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Geode
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
29.6%
CVE-2019-15496 HIGH POC This Week

MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Myt Project Management
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-13348 HIGH POC This Week

In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Knowage
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-15720 HIGH POC This Week

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Backup
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-10056 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Suricata Buffer Overflow Memory Corruption
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10055 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Suricata
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10054 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10052 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Suricata
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-10051 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-13189 MEDIUM POC This Month

In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knowage
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15713 MEDIUM POC This Month

The my-calendar plugin before 3.1.10 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress My Calendar
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2019-12643 CRITICAL Act Now

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.0
10.0
EPSS
5.3%
CVE-2019-9933 CRITICAL Act Now

Various Lexmark products have a Buffer Overflow (issue 3 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +67
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9932 CRITICAL Act Now

Various Lexmark products have a Buffer Overflow (issue 2 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +67
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9930 CRITICAL Act Now

Various Lexmark products have an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Cs31X Firmware Cs41X Firmware Cx310 Firmware +68
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15294 CRITICAL Act Now

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Command Centre
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2019-15716 MEDIUM POC PATCH This Month

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Wtf
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-15230 MEDIUM POC This Month

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librenms
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-15753 CRITICAL PATCH Act Now

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Os Vif
NVD
CVSS 3.0
9.1
EPSS
2.6%
CVE-2019-10058 CRITICAL Act Now

Various Lexmark products have Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +70
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2019-10390 HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Jenkins RCE
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-10384 HIGH PATCH This Week

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Jenkins CSRF Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-14694 MEDIUM POC PATCH This Month

A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2019-1965 HIGH This Week

A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.1
7.7
EPSS
1.5%
CVE-2019-9931 HIGH This Week

Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +67
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1964 HIGH This Week

A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-1962 HIGH This Week

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-10057 MEDIUM This Month

Various Lexmark products have CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +21
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2019-1963 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os Fx Os
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-10391 MEDIUM PATCH This Month

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Ibm Application Security On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-5590 MEDIUM This Month

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortiweb
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-10059 MEDIUM This Month

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +67
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-9935 MEDIUM This Month

Various Lexmark products have Incorrect Access Control (issue 2 of 2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +21
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-9934 MEDIUM This Month

Various Lexmark products have Incorrect Access Control (issue 1 of 2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +21
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-15714 MEDIUM This Month

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Entropic
NVD GitHub
CVSS 3.0
5.3
EPSS
1.8%
CVE-2019-10383 MEDIUM PATCH This Month

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jenkins Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
4.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy