Skip to main content
CVE-2019-18884 HIGH POC This Week

index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Rise Ultimate Project Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-18931 HIGH POC This Week

Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow My Cloud Ex2 Ultra Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-18930 HIGH POC This Week

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption My Cloud Ex2 Ultra Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-18929 HIGH POC This Week

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption My Cloud Ex2 Ultra Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-15948 HIGH POC This Week

Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Cc256Xc Bt Sp Firmware Cc256Xb Bt Sp Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-18951 HIGH POC THREAT This Week

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Xfilesharing
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
19.8%
CVE-2019-3660 HIGH This Week

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-3651 HIGH This Week

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-0389 HIGH This Week

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-2206 HIGH This Week

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-18279 HIGH This Week

In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Securecore Technology
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5233 HIGH This Week

Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Taurus Al00B Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-18837 HIGH This Week

An issue was discovered in crun before 0.10.5. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crun Fedora
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-2210 HIGH This Week

In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2214 HIGH This Week

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-2207 HIGH This Week

In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2203 HIGH This Week

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2202 HIGH This Week

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2201 HIGH This Week

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-2195 HIGH This Week

In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2193 HIGH This Week

In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2192 HIGH This Week

In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-5288 HIGH This Week

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE P30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5287 HIGH This Week

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE P30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5282 HIGH This Week

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Emily Al00A Firmware Emily Tl00B Firmware Emily L09C Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-18397 HIGH PATCH This Week

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow RCE Fribidi Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2019-18844 HIGH PATCH This Week

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-2211 HIGH This Week

In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2208 HIGH This Week

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-5294 HIGH This Week

There is an out of bound read vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Buffer Overflow Information Disclosure Ar120 S Firmware Ar1200 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-5289 HIGH This Week

Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Manageone
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2213 HIGH This Week

In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Google Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2019-0396 HIGH This Week

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy