Skip to main content
CVE-2019-9926 HIGH POC This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Labkey Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-9757 HIGH POC THREAT This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Labkey Server
NVD GitHub
CVSS 3.1
7.5
EPSS
37.3%
CVE-2019-18608 HIGH POC This Week

Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cezerin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-16647 HIGH POC This Week

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Maxthon Browser
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3976 HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-10208 HIGH This Week

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PostgreSQL
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-4546 HIGH This Week

After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo For Oil And Gas Maximo Health Safety And Environment Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6848 HIGH This Week

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware
NVD
CVSS 3.1
8.6
EPSS
33.0%
CVE-2019-6851 HIGH This Week

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon M340 Firmware Tsxmcpc002M Firmware Tsxmcpc512K Firmware +19
NVD
CVSS 3.1
7.5
EPSS
29.9%
CVE-2019-6850 HIGH This Week

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6849 HIGH This Week

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6845 HIGH This Week

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon M340 Firmware Tsxmcpc002M Firmware Tsxmcpc512K Firmware +19
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-3979 HIGH This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-3978 HIGH POC THREAT This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.3%
CVE-2019-3977 HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-18602 HIGH This Week

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-18601 HIGH This Week

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Openafs
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-15681 HIGH PATCH This Week

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +5
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-15680 HIGH This Week

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tightvnc
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-0210 HIGH PATCH This Week

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Thrift Jboss Enterprise Application Platform +1
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-0205 HIGH PATCH This Week

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Thrift Jboss Enterprise Application Platform Communications Cloud Native Core Network Slice Selection Function
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2019-4339 HIGH PATCH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-4314 HIGH PATCH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-10210 HIGH This Week

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. Rated high severity (CVSS 7.0). No vendor patch available.

PostgreSQL Microsoft Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy