Skip to main content
CVE-2019-18852 CRITICAL POC Act Now

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 600 B1 Firmware Dir 615 J1 Firmware Dir 645 A1 Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-18836 HIGH POC This Week

Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-18849 MEDIUM POC PATCH This Month

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tnef Fedora Ubuntu Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-18862 HIGH POC This Week

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mailutils
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-18857 HIGH PATCH This Week

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Svg Sanitizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-18856 HIGH PATCH This Week

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Svg Sanitizer
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-18855 HIGH This Week

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service WordPress Safe Svg
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-18854 HIGH This Week

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service WordPress Safe Svg
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-18841 HIGH PATCH This Week

Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Chartkick Js
NVD GitHub
CVSS 3.1
7.3
EPSS
1.4%
CVE-2019-18853 MEDIUM PATCH This Month

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy