Skip to main content
CVE-2019-15023 HIGH This Week

A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inspector
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-15022 HIGH This Week

A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-15018 HIGH This Week

A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-0075 HIGH This Week

A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0068 HIGH This Week

The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0066 HIGH This Week

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0065 HIGH This Week

On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0064 HIGH This Week

On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0063 HIGH This Week

When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0060 HIGH This Week

The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0059 HIGH This Week

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0056 HIGH This Week

This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0055 HIGH This Week

A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0051 HIGH This Week

SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0050 HIGH This Week

Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-17389 HIGH PATCH This Week

In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-6469 HIGH This Week

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-6468 HIGH This Week

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-6467 HIGH This Week

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-17128 HIGH This Week

Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omnicenter
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-15226 HIGH PATCH This Week

Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
65.4%
CVE-2019-0054 HIGH This Week

An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2019-17401 LOW POC Monitor

libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Liblnk
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-0073 HIGH This Week

The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-14808 MEDIUM This Month

An issue was discovered in the RENPHO application 3.0.0 for iOS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Renpho
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2019-17109 MEDIUM PATCH This Month

Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Koji
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-0067 MEDIUM This Month

Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-17402 MEDIUM This Month

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-17092 MEDIUM This Month

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openproject
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-17385 MEDIUM This Month

The animate-it plugin before 2.3.5 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Animate It
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17384 MEDIUM This Month

The animate-it plugin before 2.3.4 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Animate It
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17380 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17379 MEDIUM This Month

cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17378 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17377 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17376 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-5506 MEDIUM This Month

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2019-6471 MEDIUM This Month

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +14
NVD
CVSS 3.1
5.9
EPSS
3.3%
CVE-2019-0074 MEDIUM This Month

A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Path Traversal Junos
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-0072 MEDIUM This Month

An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Sbr Carrier
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-0069 MEDIUM This Month

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5507 MEDIUM This Month

SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Snapmanager
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-3653 MEDIUM This Month

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-11212 MEDIUM This Month

The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Master Data Management
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-15021 MEDIUM This Month

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Inspector
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-6465 MEDIUM This Month

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 ->. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
3.7%
CVE-2019-3652 MEDIUM This Month

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2019-17112 MEDIUM This Month

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Information Disclosure Manageengine Datasecurity Plus
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-4512 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
4.3
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy