Skip to main content
CVE-2019-16398 MEDIUM POC This Month

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE K5 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2019-9720 MEDIUM POC This Month

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libav
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-9717 MEDIUM POC This Month

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16525 MEDIUM POC PATCH This Month

An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress PHP Checklist
NVD
CVSS 3.1
6.1
EPSS
5.5%
CVE-2019-15032 MEDIUM POC This Month

Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pydio
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-11779 MEDIUM This Month

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mosquitto Ubuntu Linux Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-16511 MEDIUM PATCH This Month

An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Wix Toolset
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy