Skip to main content
CVE-2019-18858 CRITICAL POC Act Now

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Linux +10
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-10765 CRITICAL POC PATCH Act Now

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the `/log/file1/` directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Iobroker Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-3466 HIGH POC This Week

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PostgreSQL Postgresql Common Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-16200 HIGH POC This Week

GNU Serveez through 0.2.2 has an Information Leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serveez
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-5541 CRITICAL PATCH Act Now

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow VMware RCE Memory Corruption Workstation +1
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2019-4561 HIGH This Week

IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Deserialization Security Identity Manager
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2019-6186 HIGH PATCH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Lenovo Information Disclosure System Interface Foundation
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-6191 HIGH This Week

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paper
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6189 HIGH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6184 HIGH This Week

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Customer Engagement Service
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5542 HIGH PATCH This Week

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

VMware Information Disclosure Fusion Workstation
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2019-5540 HIGH PATCH This Week

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

VMware Information Disclosure Workstation Fusion
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2019-6852 HIGH This Week

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bmx P34X Firmware Bmx Noe 0100 Firmware Bmx Noe 0110 Firmware Bmx Noc 0401 Firmware +6
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2019-6176 HIGH PATCH This Week

A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Thinkpad Usb C Dock Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-4530 MEDIUM This Month

IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-6187 MEDIUM PATCH This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Lenovo Xclarity Controller
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-6853 MEDIUM This Month

A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware Andover Continuum Bcx4040 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-15073 MEDIUM This Month

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-15072 MEDIUM This Month

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-15071 MEDIUM This Month

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy