Skip to main content
CVE-2019-16667 HIGH POC THREAT This Week

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pfsense
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
54.5%
CVE-2019-16869 HIGH POC PATCH This Week

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Netty Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
8.4%
CVE-2019-11279 HIGH This Week

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Uaa Release
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-11278 HIGH This Week

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection User Account And Authentication
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-12091 HIGH This Week

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netskope
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-10882 HIGH This Week

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netskope
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15862 HIGH This Week

An issue was discovered in CKFinder through 2.6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ckfinder
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6175 HIGH PATCH This Week

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lenovo System Update
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6161 HIGH This Week

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation Cp Storage Block Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0203 HIGH PATCH This Week

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Apache Subversion
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-14844 HIGH PATCH This Week

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kerberos 5 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-16901 HIGH This Week

Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16900 HIGH This Week

Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16899 HIGH This Week

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-10097 HIGH This Week

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Apache Buffer Overflow Http Server +6
NVD
CVSS 3.1
7.2
EPSS
52.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy