Skip to main content
CVE-2019-13529 HIGH POC This Week

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sunny Webbox Firmware
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-17372 HIGH POC This Week

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Ac1450 Firmware D8500 Firmware Dc112A Firmware +30
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-15719 HIGH POC This Week

Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Pbs Professional
NVD
CVSS 3.1
8.0
EPSS
2.0%
CVE-2019-17365 HIGH POC This Week

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nix
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5053 HIGH POC This Week

An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Nitropdf
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-5050 HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2019-5048 HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-5047 HIGH POC This Week

An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Nitropdf
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-5046 HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-5045 HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-16905 HIGH POC PATCH This Week

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

SSH Integer Overflow RCE Buffer Overflow Openssh +4
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2019-17414 HIGH POC This Week

tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vino
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-15715 HIGH POC PATCH THREAT This Week

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Mantisbt
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
30.0%
CVE-2019-17370 HIGH POC This Week

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP Otcms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2019-17366 HIGH This Week

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-15016 HIGH This Week

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Inspector
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-15014 HIGH This Week

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Inspector
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-0070 HIGH This Week

An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-0062 HIGH This Week

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Session Fixation Information Disclosure Junos
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-0047 HIGH This Week

A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-17375 HIGH This Week

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-13051 HIGH PATCH This Week

Pi-Hole 4.3 allows Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Pi Hole
NVD GitHub
CVSS 3.1
8.8
EPSS
12.5%
CVE-2019-15017 HIGH This Week

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2019-15015 HIGH This Week

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2019-17353 HIGH This Week

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
3.0%
CVE-2019-3765 HIGH This Week

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Avamar Server Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-5700 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Information Disclosure RCE Shield Experience
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-5699 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Buffer Overflow RCE +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-0071 HIGH This Week

Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Jwt Attack Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-0061 HIGH This Week

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0058 HIGH This Week

A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-0057 HIGH This Week

An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4558 HIGH PATCH This Week

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection IBM Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-15023 HIGH This Week

A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inspector
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-15022 HIGH This Week

A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-15018 HIGH This Week

A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-0075 HIGH This Week

A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0068 HIGH This Week

The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0066 HIGH This Week

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0065 HIGH This Week

On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0064 HIGH This Week

On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0063 HIGH This Week

When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0060 HIGH This Week

The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0059 HIGH This Week

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0056 HIGH This Week

This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0055 HIGH This Week

A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0051 HIGH This Week

SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0050 HIGH This Week

Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-17389 HIGH PATCH This Week

In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-6469 HIGH This Week

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind
NVD
CVSS 3.1
7.5
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy