Skip to main content
CVE-2019-17508 CRITICAL POC THREAT Emergency

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 859 A3 Firmware Dir 850L A Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.8%
CVE-2019-2215 HIGH POC KEV PATCH THREAT Act Now

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Android +76
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
72.1%
CVE-2019-17510 CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-17509 CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-17506 CRITICAL POC THREAT Act Now

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 868L B1 Firmware Dir 817Lw A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
57.3%
CVE-2019-17059 CRITICAL POC Act Now

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Command Injection Cyberoamos
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2019-17499 HIGH POC This Week

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ch7465Lg Firmware
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-17507 HIGH POC This Week

An issue was discovered on D-Link DIR-816 A1 1.06 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 816 A1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-17505 HIGH POC This Week

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dap 1320 A2 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-14510 MEDIUM POC This Month

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vsa
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-17176 MEDIUM POC This Month

Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eservices Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17504 MEDIUM POC This Month

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynamic Resource Scheduling
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2019-17503 MEDIUM POC THREAT This Month

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dynamic Resource Scheduling
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
49.2%
CVE-2019-2186 HIGH PATCH This Week

In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-2185 HIGH PATCH This Week

In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-2184 HIGH PATCH This Week

In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-2173 HIGH PATCH This Week

In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2114 HIGH PATCH This Week

In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-14570 HIGH This Week

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14569 HIGH This Week

Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-11167 HIGH This Week

Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Smart Connect Technology
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-11120 HIGH This Week

Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Active System Console
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6335 HIGH This Week

A potential security vulnerability has been identified with Samsung Laser Printers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Clp680 Firmware Samsung M2070 Firmware Samsung C480 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-6333 MEDIUM This Month

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP RCE Touchpoint Analytics
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-17497 MEDIUM This Month

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Xchange Editor
NVD GitHub
CVSS 3.1
6.5
EPSS
6.5%
CVE-2019-17496 MEDIUM PATCH This Month

Craft CMS before 3.3.8 has stored XSS via a name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-2187 MEDIUM PATCH This Month

In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2183 MEDIUM PATCH This Month

In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2110 MEDIUM PATCH This Month

In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy