Skip to main content
CVE-2019-18818 CRITICAL POC PATCH THREAT Act Now

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.6%
CVE-2019-17605 HIGH POC This Week

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eyecms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-12331 HIGH POC PATCH This Week

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-18804 HIGH POC This Week

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Djvulibre Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-18816 MEDIUM POC This Month

po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Popojicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-18815 MEDIUM POC This Month

PopojiCMS 2.0.1 allows refer= Open Redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Popojicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-17222 MEDIUM POC This Month

An issue was discovered on Intelbras WRN 150 1.0.17 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Denial Of Service Wrn 150 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-16872 CRITICAL Act Now

Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Portainer
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2019-11996 CRITICAL Act Now

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nimbleos
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-18814 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel through 5.3.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18805 CRITICAL PATCH Act Now

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Linux Linux Kernel Leap +15
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-18821 MEDIUM POC This Month

Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Logo Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18820 MEDIUM POC This Month

Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Logo Designer
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-18819 MEDIUM POC This Month

Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Logo Designer
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-3465 HIGH PATCH This Week

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Xmlseclibs Debian Linux Simplesamlphp
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-16877 HIGH This Week

Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Portainer
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-17604 MEDIUM POC This Month

An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eyecms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-18813 HIGH PATCH This Week

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-18812 HIGH PATCH This Week

A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18810 HIGH PATCH This Week

A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18807 HIGH PATCH This Week

Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-16876 HIGH This Week

Portainer before 1.22.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Portainer
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-15004 HIGH This Week

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Path Traversal Jira Service Desk
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-16874 MEDIUM This Month

Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Portainer
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-3422 MEDIUM This Month

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf910S Firmware
NVD
CVSS 3.1
6.2
EPSS
1.0%
CVE-2019-18811 MEDIUM PATCH This Month

A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-18808 MEDIUM PATCH This Month

A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18806 MEDIUM PATCH This Month

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-16878 MEDIUM This Month

Portainer before 1.22.1 has XSS (issue 2 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portainer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-16873 MEDIUM This Month

Portainer before 1.22.1 has XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portainer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-15003 MEDIUM This Month

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Path Traversal Jira Service Desk
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-6337 MEDIUM This Month

For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure D9l63a Firmware D9l64a Firmware T0g70a Firmware +38
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2019-18809 MEDIUM PATCH This Month

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-3764 MEDIUM This Month

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware Idrac9 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy