Skip to main content
CVE-2019-17661 HIGH POC This Week

A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microsoft WordPress Admin Columns
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-3426 HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxupn 9000E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-3425 HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxupn 9000E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-16205 HIGH This Week

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-13539 HIGH This Week

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Valleylab Exchange Client Valleylab Ft10 Energy Platform Firmware Valleylab Fx8 Energy Platform Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-16207 HIGH This Week

Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Brocade Sannav
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-13543 HIGH This Week

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Valleylab Exchange Client Valleylab Ft10 Energy Platform Firmware Valleylab Fx8 Energy Platform Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12410 HIGH PATCH This Week

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache Arrow
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-12408 HIGH PATCH This Week

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache Arrow
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-16208 HIGH This Week

Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-10222 HIGH PATCH This Week

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ceph Ceph Storage Fedora
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2019-16209 HIGH This Week

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2019-17327 HIGH PATCH This Week

JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Jeus
NVD
CVSS 3.1
7.2
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy