Skip to main content
CVE-2019-16059 HIGH POC This Week

Sentrifugo 3.2 lacks CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF Sentrifugo
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-13953 HIGH This Week

An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Yi M1 Mirrorless Camera Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13517 HIGH This Week

In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Microsoft Information Disclosure Pyxis Enterprise Server Pyxis Es
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-9345 HIGH This Week

In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-9270 HIGH This Week

In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Ubiquiti Memory Corruption Google +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2182 HIGH This Week

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-9854 HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-16058 HIGH PATCH This Week

An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-16056 HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-15890 HIGH PATCH This Week

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libslirp Qemu
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-9458 HIGH PATCH This Week

In the Android kernel in the video driver there is a use after free due to a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Privilege Escalation Google Android +1
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy