Skip to main content
CVE-2019-12758 MEDIUM POC This Month

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Endpoint Protection
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-16762 MEDIUM POC PATCH This Month

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Information Disclosure Slpjs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-13582 CRITICAL Act Now

An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption 88W8688 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-13581 CRITICAL Act Now

An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption 88W8688 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-14345 CRITICAL PATCH Act Now

TemaTres 3.0 allows remote unprivileged users to create an administrator account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tematres
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-18985 CRITICAL PATCH Act Now

Pimcore before 6.2.2 lacks brute force protection for the 2FA token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-18981 CRITICAL PATCH Act Now

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-18928 CRITICAL PATCH Act Now

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Imap Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-14343 MEDIUM POC PATCH This Month

TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Tematres
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-14869 HIGH PATCH This Week

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Fedora Leap
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-18372 HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12759 HIGH PATCH This Week

Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Endpoint Protection Manager Mail Security
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-12757 HIGH This Week

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6664 HIGH This Week

On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-6661 HIGH This Week

When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6660 HIGH This Week

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6659 HIGH This Week

On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-18986 HIGH PATCH This Week

Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-6662 MEDIUM This Month

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-16761 MEDIUM PATCH This Month

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Slp Validate
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-18982 MEDIUM PATCH This Month

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6663 MEDIUM This Month

The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +12
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-18987 MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-12756 LOW PATCH Monitor

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Authentication Bypass Endpoint Protection
NVD
CVSS 3.1
2.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy