Skip to main content
CVE-2019-17211 CRITICAL POC Act Now

An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mbed
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-5089 HIGH POC This Week

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Able2Extract
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-5088 HIGH POC This Week

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Able2Extract
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-3685 HIGH POC This Week

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2019-17221 HIGH POC This Week

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Phantomjs
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-10223 MEDIUM POC PATCH This Month

A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kube State Metrics Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-8121 CRITICAL PATCH Act Now

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-18780 CRITICAL PATCH Act Now

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Command Injection Access Access Appliance Flex Appliance +3
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2019-17212 CRITICAL Act Now

Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mbed
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-8127 HIGH PATCH This Week

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-8122 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8111 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8110 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8093 HIGH PATCH This Week

An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-17062 HIGH This Week

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation Eshop
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5068 MEDIUM POC PATCH This Month

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mesa Leap Debian Linux Ubuntu Linux
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8109 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Adobe CSRF Magento
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2019-18631 HIGH PATCH This Week

The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Authentication Service Privilege Elevation Service
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-15966 HIGH This Week

A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Advanced Media Gateway
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2019-8116 HIGH PATCH This Week

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Adobe Magento
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-8112 HIGH PATCH This Week

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Magento
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-10084 HIGH This Week

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Impala
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-1789 HIGH This Week

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Clamav
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12625 HIGH This Week

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-17598 HIGH PATCH This Week

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Play Framework
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-8125 HIGH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-8119 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-8114 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-8091 HIGH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-16284 HIGH This Week

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE 260 G1 Dm Firmware 280 Pro G1 Firmware 285 G2 Firmware +99
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-8108 MEDIUM PATCH This Month

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Adobe Magento
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-8107 MEDIUM PATCH This Month

An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-8090 MEDIUM PATCH This Month

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-1877 MEDIUM This Month

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Chat And Email
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-6142 MEDIUM This Month

It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Security Security Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-1981 MEDIUM This Month

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firepower Services Software For Asa Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2019-1978 MEDIUM POC This Month

A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firepower Services Software For Asa Firepower Threat Defense Secure Firewall Management Center
NVD Exploit-DB
CVSS 3.1
5.8
EPSS
9.4%
CVE-2019-1734 MEDIUM This Month

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Extensible Operating System Nx Os
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-8120 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8117 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8092 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8123 MEDIUM PATCH This Month

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-8118 MEDIUM PATCH This Month

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-8113 MEDIUM PATCH This Month

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-1982 MEDIUM This Month

A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firepower Services Software For Asa Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-1980 MEDIUM This Month

A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firepower Services Software For Asa Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-8126 MEDIUM PATCH This Month

An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Information Disclosure Adobe Magento
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2019-8124 MEDIUM PATCH This Month

An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-8115 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy