Skip to main content
CVE-2019-15813 HIGH POC THREAT This Week

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sentrifugo
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
33.2%
CVE-2019-12587 HIGH POC PATCH This Week

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Esp Idf Esp8266 Nonos Sdk
NVD GitHub
CVSS 3.0
8.1
EPSS
0.8%
CVE-2019-15903 HIGH POC PATCH This Week

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libexpat Python
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2019-6646 HIGH This Week

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +10
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-15927 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 4.20.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15925 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.2.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15918 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-13522 HIGH This Week

An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ez Plc Editor
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-13518 HIGH This Week

An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ez Touch Editor
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-6643 HIGH This Week

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6645 HIGH This Week

On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15916 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-15917 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.5. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy