Skip to main content
CVE-2019-5067 CRITICAL POC Act Now

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free RCE Memory Corruption Aspose Pdf For C
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-5066 CRITICAL POC Act Now

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Aspose Pdf For C
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-14254 CRITICAL POC Act Now

An issue was discovered in the secure portal in Publisure 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Publisure
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16399 CRITICAL POC Act Now

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wd My Book Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-5042 HIGH POC This Week

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Aspose Pdf For C
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-16403 HIGH POC PATCH This Week

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bagisto
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-14252 HIGH POC This Week

An issue was discovered in the secure portal in Publisure 2.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Publisure
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-14253 MEDIUM POC This Month

An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Publisure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-11210 CRITICAL Act Now

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Runtime For R Spotfire Analytics Platform For Aws
NVD
CVSS 3.1
10.0
EPSS
3.7%
CVE-2019-11211 CRITICAL Act Now

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Enterprise Runtime For R Spotfire Analytics Platform For Aws
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2019-3758 CRITICAL Act Now

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13558 CRITICAL Act Now

In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-15301 CRITICAL Act Now

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bpm Online Crm System Sdk
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13550 CRITICAL Act Now

In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-9677 CRITICAL PATCH Act Now

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Dahua Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-13556 HIGH This Week

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-13552 HIGH This Week

In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2019-9679 HIGH PATCH This Week

Some of Dahua's Debug functions do not have permission separation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Dahua Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-11661 HIGH This Week

Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-5534 HIGH This Week

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.1
7.7
EPSS
1.6%
CVE-2019-5532 HIGH This Week

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.1
7.7
EPSS
1.9%
CVE-2019-9678 HIGH PATCH This Week

Some Dahua products have the problem of denial of service during the login process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dahua Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-14458 HIGH This Week

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Camera
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-15843 HIGH This Week

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Xiaomi Millet Firmware
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2019-3756 MEDIUM This Month

RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-3740 MEDIUM PATCH This Month

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bsafe Cert J Bsafe Crypto J Bsafe Ssl J Application Performance Management +14
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2019-3739 MEDIUM PATCH This Month

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bsafe Cert J Bsafe Crypto J Bsafe Ssl J Application Performance Management +12
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-3738 MEDIUM PATCH This Month

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bsafe Cert J Bsafe Crypto J Bsafe Ssl J Threat Intelligence Exchange Server +12
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-11664 MEDIUM This Month

Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-11663 MEDIUM This Month

Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Service Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16215 MEDIUM PATCH This Month

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Zulip Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-1975 MEDIUM This Month

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx220C M5 Firmware Hyperflex Hx240C M5 Firmware Hyperflex Hx220C Af M5 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-11778 MEDIUM This Month

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Mosquitto
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-5531 MEDIUM This Month

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure ESXi Vsphere Esxi Vcenter Server
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-16216 MEDIUM PATCH This Month

Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zulip Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-9680 MEDIUM PATCH This Month

Some Dahua products have information leakage issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dahua Information Disclosure Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-12620 MEDIUM This Month

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cisco Hyperflex Hx220C M5 Firmware Hyperflex Hx240C M5 Firmware Hyperflex Hx220C Af M5 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-11662 MEDIUM This Month

Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy