Skip to main content
CVE-2019-17186 HIGH POC This Week

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hg2201T Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.9%
CVE-2019-17107 HIGH POC PATCH This Week

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-14657 HIGH POC This Week

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE Vp59 Firmware T49G Firmware +1
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-14656 HIGH POC This Week

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Vp59 Firmware T49G Firmware T58V Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17259 HIGH POC This Week

KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Kmplayer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17187 HIGH POC THREAT This Week

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hg2201T Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
10.8%
CVE-2019-17352 HIGH POC PATCH This Week

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jfinal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-17346 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-17340 HIGH This Week

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-14846 HIGH PATCH This Week

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux Backports Sle Leap +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17262 HIGH This Week

XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17261 HIGH This Week

XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17260 HIGH This Week

MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mpc Hc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17258 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17256 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17255 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17254 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-17253 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17252 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-17251 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17250 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17249 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17248 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17247 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17246 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17245 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17244 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17243 HIGH This Week

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17242 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17241 HIGH This Week

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17347 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17341 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-17359 HIGH PATCH This Week

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bc Java Tomee Active Iq Unified Manager Oncommand Api Services +17
NVD
CVSS 3.1
7.5
EPSS
8.9%
CVE-2019-17104 HIGH This Week

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Centreon Vm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-16929 HIGH PATCH This Week

Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Auth0 Net
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10969 HIGH POC This Week

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Edr 810 Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
8.7%
CVE-2019-17342 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy