Skip to main content
CVE-2019-18836 HIGH POC This Week

Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-18862 HIGH POC This Week

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mailutils
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-18857 HIGH PATCH This Week

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Svg Sanitizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-18856 HIGH PATCH This Week

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Svg Sanitizer
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-18855 HIGH This Week

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service WordPress Safe Svg
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-18854 HIGH This Week

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service WordPress Safe Svg
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-18841 HIGH PATCH This Week

Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Chartkick Js
NVD GitHub
CVSS 3.1
7.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy