Skip to main content
CVE-2019-12401 HIGH POC PATCH This Week

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Solr
NVD GitHub
CVSS 3.1
7.5
EPSS
7.5%
CVE-2019-12105 HIGH PATCH This Week

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Supervisor
NVD GitHub
CVSS 3.1
8.2
EPSS
2.3%
CVE-2019-12943 HIGH This Week

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ttlock
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-11669 HIGH This Week

Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-11668 HIGH This Week

HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Service Manager Service Manager Chat Server Service Manager Chat Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-11497 HIGH This Week

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-11467 HIGH This Week

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0365 HIGH This Week

SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Microsoft SAP Sap Kernel +4
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0352 HIGH This Week

In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-16106 HIGH This Week

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Humatrix
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0355 HIGH This Week

SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-0363 HIGH This Week

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Extended Application Services
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy