Skip to main content
CVE-2019-10709 CRITICAL POC THREAT Act Now

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Precision Touchpad
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.5%
CVE-2019-15813 HIGH POC THREAT This Week

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sentrifugo
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
33.2%
CVE-2019-12587 HIGH POC PATCH This Week

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Esp Idf Esp8266 Nonos Sdk
NVD GitHub
CVSS 3.0
8.1
EPSS
0.8%
CVE-2019-15903 HIGH POC PATCH This Week

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libexpat Python
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2019-12586 MEDIUM POC This Month

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Arduino Esp32 Esp Idf Esp8266 Nonos Sdk
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-12588 MEDIUM POC This Month

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Arduino Esp8266 Esp8266 Nonos Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14470 MEDIUM POC THREAT This Month

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Instagram Php Api User Pro
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
83.0%
CVE-2019-13976 CRITICAL Act Now

eGain Chat 15.0.3 allows unrestricted file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Chat
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-15902 MEDIUM POC This Month

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Active Iq Performance Analytics Services Service Processor +3
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2019-15924 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Intel Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-15923 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-15922 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-6644 CRITICAL Act Now

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
9.4
EPSS
1.4%
CVE-2019-15814 MEDIUM POC This Month

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sentrifugo
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-15926 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 5.2.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +1
NVD
CVSS 3.1
9.1
EPSS
5.2%
CVE-2019-6646 HIGH This Week

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +10
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-15921 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.6. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Leap
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-15718 MEDIUM POC PATCH This Month

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora Openshift Container Platform Enterprise Linux +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-15920 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-15927 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 4.20.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15925 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.2.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15918 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-13522 HIGH This Week

An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ez Plc Editor
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-13518 HIGH This Week

An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ez Touch Editor
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-6643 HIGH This Week

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6645 HIGH This Week

On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15916 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-15917 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.5. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-14319 MEDIUM This Month

The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Tiktok
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-13975 MEDIUM This Month

eGain Chat 15.0.3 allows HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chat
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13209 MEDIUM PATCH This Month

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kubernetes Rancher
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-6647 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-6648 MEDIUM This Month

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Container Ingress Service Openshift
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-10988 LOW Monitor

In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Hdi 4000 Firmware
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2019-15919 LOW PATCH Monitor

An issue was discovered in the Linux kernel before 5.0.10. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy