Skip to main content
CVE-2019-17661 HIGH POC This Week

A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microsoft WordPress Admin Columns
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-10219 MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-18623 CRITICAL Act Now

Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Energycap
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-18835 CRITICAL PATCH Act Now

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-3426 HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxupn 9000E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-3425 HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxupn 9000E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-16205 HIGH This Week

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-13539 HIGH This Week

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Valleylab Exchange Client Valleylab Ft10 Energy Platform Firmware Valleylab Fx8 Energy Platform Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-16207 HIGH This Week

Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Brocade Sannav
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-13543 HIGH This Week

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Valleylab Exchange Client Valleylab Ft10 Energy Platform Firmware Valleylab Fx8 Energy Platform Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12410 HIGH PATCH This Week

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache Arrow
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-12408 HIGH PATCH This Week

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache Arrow
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-16208 HIGH This Week

Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-10222 HIGH PATCH This Week

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ceph Ceph Storage Fedora
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2019-16209 HIGH This Week

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2019-17327 HIGH PATCH This Week

JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Jeus
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2019-14860 MEDIUM This Month

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cors Misconfiguration Fuse Syndesis
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14824 MEDIUM This Month

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16210 MEDIUM This Month

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-16206 MEDIUM This Month

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-3866 MEDIUM This Month

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openstack Mistral
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-13557 MEDIUM This Month

In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tasy Emr Tasy Webportal
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-13535 MEDIUM This Month

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN-not available in the United States) version. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valleylab Ft10 Energy Platform Firmware Valleylab Ls10 Energy Platform Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-13531 MEDIUM This Month

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN-not available in the United States) version. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Valleylab Ft10 Energy Platform Firmware Valleylab Ls10 Energy Platform Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-15005 MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support Bamboo Bitbucket +5
NVD
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy