Skip to main content
CVE-2019-17180 HIGH POC PATCH This Week

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Microsoft Steam Client
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-17175 HIGH POC This Week

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Joyplus Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-17188 HIGH POC This Week

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Fecmall
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-11655 HIGH This Week

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arcsight Logger
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-6776 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2019-6775 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2019-6774 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2019-13320 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-13319 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-13317 HIGH This Week

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2019-13316 HIGH This Week

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2019-13315 HIGH This Week

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2019-16865 HIGH PATCH This Week

An issue was discovered in Pillow before 6.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-17183 HIGH This Week

Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Reader
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-6015 HIGH This Week

FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fon2601E Se Firmware Fon2601E Re Firmware Fon2601E Fsw S Firmware Fon2601E Fsw B Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-17178 HIGH PATCH This Week

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Lodepng Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-17177 HIGH PATCH This Week

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-4227 HIGH This Week

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation IBM Mq
NVD
CVSS 3.1
7.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy