Skip to main content
CVE-2019-16396 HIGH POC This Week

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gnucobol
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-16395 HIGH POC This Week

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gnucobol
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-14835 HIGH POC PATCH This Week

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Ubuntu Linux Debian Linux +31
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-6839 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-6810 HIGH This Week

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

Authentication Bypass Bmxnor0200H Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-11666 HIGH This Week

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Service Manager
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-9008 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Pfc100 +6
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-6831 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bmxnor0200H Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-13538 HIGH This Week

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Codesys
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2019-6832 HIGH This Week

A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser For Knx Firmware Spacelynk Firmware
NVD
CVSS 3.1
8.3
EPSS
1.5%
CVE-2019-6826 HIGH This Week

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Somachine Hvac
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-6829 HIGH This Week

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-6836 HIGH This Week

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6828 HIGH This Week

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Premium Firmware Modicon Quantum Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6813 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M340 Firmware Bmxnor0200H Firmware
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-6811 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon Quantum 140Noe77101 Firmware Modicon Quantum 140Noe77111 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-6809 HIGH This Week

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Premium Firmware Modicon Quantum Firmware
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-11665 HIGH This Week

Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-4183 HIGH PATCH This Week

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-4175 HIGH PATCH This Week

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-11667 HIGH This Week

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-9009 HIGH This Week

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Pfc100 +10
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-15729 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy