Skip to main content
CVE-2019-3010 HIGH POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Solaris
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.4%
CVE-2019-17665 HIGH POC This Week

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ghidra
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17624 HIGH POC This Week

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption X Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
3.7%
CVE-2019-12636 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco CSRF Sf250 24 Firmware Sf250 24P Firmware +106
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-3028 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-10449 HIGH PATCH This Week

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Fortify On Demand
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10448 HIGH This Week

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Extensive Testing
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-10443 HIGH PATCH This Week

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Icescrum
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-10440 HIGH PATCH This Week

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Neoload
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-10437 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Crx Content Package Deployer
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-15261 HIGH This Week

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet 1810 Firmware Aironet 1830 Firmware Aironet 1850 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-2905 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-3017 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2019-3000 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-2995 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-2994 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-2990 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2019-2942 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2019-2906 HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence Publisher
NVD
CVSS 3.1
8.2
EPSS
1.7%
CVE-2019-10446 HIGH PATCH This Week

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cadence Vmanager
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2019-2937 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2019-2934 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-2891 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2019-15252 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15251 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15250 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15249 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15248 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15247 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15246 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15245 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15244 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15243 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15242 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15241 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15240 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-17664 HIGH This Week

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Python Information Disclosure Ghidra
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-10453 HIGH This Week

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Delphix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-4031 HIGH This Week

IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Workload Scheduler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-2986 HIGH PATCH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Graalvm
NVD
CVSS 3.1
7.7
EPSS
1.3%
CVE-2019-2932 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
7.7
EPSS
1.3%
CVE-2019-15262 HIGH This Week

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco 5520 Wireless Lan Controller Firmware 5508 Wireless Lan Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-2965 HIGH PATCH This Week

Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Install - Configuration). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Crm
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-2900 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-2895 HIGH PATCH This Week

Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Enterprise Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-16682 HIGH PATCH This Week

The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Url Redirect
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2019-2972 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2019-2971 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2019-2970 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2019-2944 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
7.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy