Skip to main content
CVE-2019-15741 CRITICAL POC Act Now

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gitlab Omnibus
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-16366 CRITICAL POC Act Now

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable Xs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-16264 CRITICAL POC Act Now

In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sistema Integrado De Gestion Academica
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16057 CRITICAL POC KEV THREAT Act Now

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware
NVD
CVSS 3.1
9.8
EPSS
87.2%
CVE-2019-13474 CRITICAL POC Act Now

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bobs Rock Radio Firmware Dabman D10 Firmware Dabman I30 Stereo Firmware Imperial I110 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-16346 HIGH POC PATCH This Week

ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-16371 HIGH POC This Week

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lastpass
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2019-16353 HIGH POC This Week

Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Proficy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-8371 HIGH POC This Week

OpenEMR v5.0.1-6 allows code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openemr
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-13140 MEDIUM POC This Month

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Eg200 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-16352 MEDIUM POC This Month

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16351 MEDIUM POC This Month

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16350 MEDIUM POC This Month

ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16348 MEDIUM POC This Month

marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libwav
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-5481 CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora Cloud Backup Steelstore +8
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-8368 MEDIUM POC THREAT This Month

OpenEMR v5.0.1-6 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openemr
NVD
CVSS 3.1
6.1
EPSS
46.9%
CVE-2019-15950 MEDIUM POC This Month

The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16197 MEDIUM POC PATCH This Month

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2019-16370 MEDIUM POC PATCH This Month

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gradle
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-10071 CRITICAL PATCH Act Now

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Tapestry
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2019-0195 CRITICAL PATCH Act Now

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Tapestry
NVD
CVSS 3.1
9.8
EPSS
14.9%
CVE-2019-16355 MEDIUM POC PATCH This Month

The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Beego
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-16349 MEDIUM POC This Month

Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-16347 HIGH PATCH This Week

ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15736 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-15730 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian SSRF Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15728 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes SSRF Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15725 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-15722 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-0207 HIGH PATCH This Week

Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Tapestry
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-4147 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Sterling File Gateway
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-16170 HIGH This Week

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2019-11166 MEDIUM PATCH This Month

Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Intel Easy Streaming Wizard
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-15737 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-15739 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-15724 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-15721 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-15740 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-15738 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-15732 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-15731 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-15727 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-15726 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-15723 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-11184 MEDIUM This Month

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Rated medium severity (CVSS 4.8). No vendor patch available.

Race Condition Intel Information Disclosure 6138 Firmware 6130T Firmware +240
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-16354 MEDIUM PATCH This Month

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Beego
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2019-15734 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-15733 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy