Skip to main content
CVE-2019-16199 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2019-16396 HIGH POC This Week

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gnucobol
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-16395 HIGH POC This Week

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gnucobol
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-14835 HIGH POC PATCH This Week

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Ubuntu Linux Debian Linux +31
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-11559 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrworks
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6840 CRITICAL Act Now

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-16378 CRITICAL PATCH Act Now

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opendmarc Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16239 CRITICAL Act Now

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openconnect Fedora Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-15131 CRITICAL Act Now

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Code42
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-16394 MEDIUM POC PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Spip Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
7.5%
CVE-2019-6837 CRITICAL Act Now

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2019-6839 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-6810 HIGH This Week

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

Authentication Bypass Bmxnor0200H Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-11666 HIGH This Week

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Service Manager
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-9008 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Pfc100 +6
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-6831 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bmxnor0200H Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-13538 HIGH This Week

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Codesys
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2019-6832 HIGH This Week

A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser For Knx Firmware Spacelynk Firmware
NVD
CVSS 3.1
8.3
EPSS
1.5%
CVE-2019-6826 HIGH This Week

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Somachine Hvac
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-6829 HIGH This Week

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-6836 HIGH This Week

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6828 HIGH This Week

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Premium Firmware Modicon Quantum Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6813 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M340 Firmware Bmxnor0200H Firmware
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-6811 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon Quantum 140Noe77101 Firmware Modicon Quantum 140Noe77111 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6809 HIGH This Week

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Premium Firmware Modicon Quantum Firmware
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-11665 HIGH This Week

Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-4183 HIGH PATCH This Week

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-4175 HIGH PATCH This Week

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-11667 HIGH This Week

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-9009 HIGH This Week

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Pfc100 +10
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-15729 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-16391 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-6838 MEDIUM This Month

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6833 MEDIUM This Month

A CWE-754 - Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hmigto Firmware Hmisto Firmware Xbtgh Firmware Hmigtu Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-4477 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-13542 MEDIUM This Month

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 +7
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-16393 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

PHP Open Redirect Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-16392 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-4086 MEDIUM PATCH This Month

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Application Performance Management
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-6830 MEDIUM This Month

A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Modicon M580 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2019-12755 MEDIUM This Month

Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Norton Password Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-6835 MEDIUM This Month

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-4342 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4270 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4268 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-9681 MEDIUM PATCH This Month

Online upgrade information in some firmware packages of Dahua products is not encrypted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dahua Information Disclosure Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-14826 MEDIUM This Month

A flaw was found in FreeIPA versions 4.5.0 and later. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freeipa Enterprise Linux
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-4442 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-4171 LOW PATCH Monitor

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2019-4271 LOW PATCH Monitor

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
3.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy