Skip to main content
CVE-2019-12148 CRITICAL POC Act Now

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Session Border Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-12147 CRITICAL POC Act Now

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Session Border Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-17424 HIGH POC THREAT This Week

A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Apple RCE Memory Corruption +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
13.4%
CVE-2019-12967 MEDIUM POC PATCH This Month

Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Moolticute
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-17189 MEDIUM POC This Month

totemodata 3.0.0_b936 has XSS via a folder name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Totemodata
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-4523 HIGH This Week

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM RCE Db2 High Performance Unload Load
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12290 HIGH PATCH This Week

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libidn2
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-10079 HIGH This Week

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2019-16973 MEDIUM PATCH This Month

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16972 MEDIUM PATCH This Month

In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16971 MEDIUM PATCH This Month

In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-8089 MEDIUM PATCH This Month

Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager Forms
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-11674 MEDIUM This Month

Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Netiq Self Service Password Reset
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2019-15587 MEDIUM PATCH This Month

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy