Skip to main content
CVE-2019-10766 CRITICAL POC PATCH Act Now

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pixie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-10768 HIGH POC PATCH This Week

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Angularjs
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-18934 HIGH POC PATCH This Week

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Unbound Fedora Leap
NVD GitHub
CVSS 3.1
7.3
EPSS
3.2%
CVE-2019-12421 HIGH PATCH This Week

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nifi
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-11289 HIGH PATCH This Week

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cf Deployment Routing Release
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2019-16861 HIGH This Week

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Code42
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2019-16860 HIGH This Week

Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Code42
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2019-10080 MEDIUM PATCH This Month

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Apache Nifi
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-10083 MEDIUM PATCH This Month

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nifi
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-19126 LOW PATCH Monitor

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Authentication Bypass Glibc Ubuntu Linux Fedora Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy