Skip to main content
CVE-2019-16891 CRITICAL POC PATCH THREAT Act Now

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Liferay Portal
NVD
CVSS 3.1
9.8
EPSS
45.7%
CVE-2019-17180 HIGH POC PATCH This Week

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Microsoft Steam Client
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-17175 HIGH POC This Week

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Joyplus Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-17188 HIGH POC This Week

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Fecmall
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17184 CRITICAL Act Now

Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlalink Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17133 CRITICAL PATCH Act Now

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2019-17132 CRITICAL POC THREAT Act Now

vBulletin through 5.5.4 mishandles custom avatars. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vbulletin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
11.8%
CVE-2019-17113 CRITICAL PATCH Act Now

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libopenmpt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-11655 HIGH This Week

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arcsight Logger
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-6776 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2019-6775 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2019-6774 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2019-13320 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-13319 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-13317 HIGH This Week

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2019-13316 HIGH This Week

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2019-13315 HIGH This Week

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2019-16865 HIGH PATCH This Week

An issue was discovered in Pillow before 6.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-17183 HIGH This Week

Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Reader
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-6015 HIGH This Week

FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fon2601E Se Firmware Fon2601E Re Firmware Fon2601E Fsw S Firmware Fon2601E Fsw B Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-17178 HIGH PATCH This Week

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Lodepng Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-17177 HIGH PATCH This Week

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-4227 HIGH This Week

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation IBM Mq
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2019-17130 MEDIUM This Month

vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Information Disclosure Vbulletin
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-17179 MEDIUM PATCH This Month

4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4564 MEDIUM This Month

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-13318 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
5.8%
CVE-2019-11656 MEDIUM This Month

Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-17121 MEDIUM This Month

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Redcap
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4514 MEDIUM This Month

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-17131 MEDIUM This Month

vBulletin before 5.5.4 allows clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy