Skip to main content
CVE-2019-14777 HIGH PATCH This Week

The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-14776 HIGH PATCH This Week

A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-14533 HIGH PATCH This Week

The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-14535 HIGH PATCH This Week

A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-14498 HIGH PATCH This Week

A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-14438 HIGH PATCH This Week

A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-14437 HIGH PATCH This Week

The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Vlc Media Player Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-5530 HIGH This Week

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-15787 HIGH PATCH This Week

libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libzetta Rs
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-11364 HIGH This Week

An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Snare Central
NVD
CVSS 3.0
7.2
EPSS
2.2%
CVE-2019-11363 HIGH This Week

A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Snare Central
NVD
CVSS 3.0
7.2
EPSS
1.1%
CVE-2019-11250 MEDIUM PATCH This Month

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-11249 MEDIUM PATCH This Month

The kubectl cp command allows copying files between containers and the user machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
3.7%
CVE-2019-11246 MEDIUM PATCH This Month

The kubectl cp command allows copying files between containers and the user machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
6.5
EPSS
3.6%
CVE-2019-10724 MEDIUM This Month

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Legion Y520T Z370 Firmware Aio310 20Iap Firmware Aio510 22Ish Firmware Aio510 23Ish Firmware +104
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-4536 MEDIUM PATCH This Month

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect. Rated medium severity (CVSS 6.3). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2019-15782 MEDIUM PATCH This Month

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webtorrent
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-14534 MEDIUM PATCH This Month

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Vlc Media Player Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2019-15778 MEDIUM This Month

The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Additional Variation Images For Woocommerce
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-4133 MEDIUM This Month

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2019-15807 MEDIUM PATCH This Month

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Debian Linux Enterprise Linux
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-4132 LOW Monitor

IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy