Skip to main content
CVE-2019-3980 CRITICAL POC Act Now

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dameware Mini Remote Control
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-10757 CRITICAL POC PATCH Act Now

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Knex
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-13336 CRITICAL POC Act Now

The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Db01 S Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-17186 HIGH POC This Week

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hg2201T Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.9%
CVE-2019-17107 HIGH POC PATCH This Week

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-14657 HIGH POC This Week

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE Vp59 Firmware T49G Firmware +1
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-14656 HIGH POC This Week

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Vp59 Firmware T49G Firmware T58V Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17259 HIGH POC This Week

KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Kmplayer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17187 HIGH POC THREAT This Week

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hg2201T Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
10.8%
CVE-2019-17352 HIGH POC PATCH This Week

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jfinal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-17108 MEDIUM POC PATCH This Month

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Centreon Web
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-10756 MEDIUM POC PATCH This Month

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node Red Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16417 MEDIUM POC This Month

HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrworks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16416 MEDIUM POC This Month

HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrworks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-17134 CRITICAL PATCH Act Now

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Octavia Ubuntu Linux
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2019-17271 MEDIUM POC PATCH This Month

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Vbulletin
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2019-17346 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-17340 HIGH This Week

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-10963 MEDIUM POC This Month

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edr 810 Firmware
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
6.3%
CVE-2019-14846 HIGH PATCH This Week

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux Backports Sle Leap +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17262 HIGH This Week

XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17261 HIGH This Week

XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17260 HIGH This Week

MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mpc Hc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17258 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17256 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17255 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17254 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-17253 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17252 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-17251 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17250 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17249 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17248 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17247 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17246 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17245 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17244 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17243 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17242 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17241 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17347 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17341 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-17359 HIGH PATCH This Week

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bc Java Tomee Active Iq Unified Manager Oncommand Api Services +17
NVD
CVSS 3.1
7.5
EPSS
8.9%
CVE-2019-17104 HIGH This Week

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Centreon Vm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-16929 HIGH PATCH This Week

Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Auth0 Net
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10969 HIGH POC This Week

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Edr 810 Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
8.7%
CVE-2019-17342 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-17343 MEDIUM This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-0370 MEDIUM This Month

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Financial Consolidation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-17106 MEDIUM PATCH This Month

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy