Skip to main content
CVE-2019-16346 HIGH POC PATCH This Week

ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-16371 HIGH POC This Week

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lastpass
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2019-16353 HIGH POC This Week

Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Proficy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-8371 HIGH POC This Week

OpenEMR v5.0.1-6 allows code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openemr
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2019-16347 HIGH PATCH This Week

ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15736 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-15730 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian SSRF Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15728 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes SSRF Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15725 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-15722 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-0207 HIGH PATCH This Week

Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Tapestry
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-4147 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Sterling File Gateway
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-16170 HIGH This Week

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy