Skip to main content
CVE-2019-17605 HIGH POC This Week

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eyecms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-12331 HIGH POC PATCH This Week

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-18804 HIGH POC This Week

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Djvulibre Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-3465 HIGH PATCH This Week

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Xmlseclibs Debian Linux Simplesamlphp
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-16877 HIGH This Week

Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Portainer
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-18813 HIGH PATCH This Week

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-18812 HIGH PATCH This Week

A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18810 HIGH PATCH This Week

A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18807 HIGH PATCH This Week

Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-16876 HIGH This Week

Portainer before 1.22.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Portainer
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-15004 HIGH This Week

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Path Traversal Jira Service Desk
NVD
CVSS 3.1
7.5
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy