Skip to main content
CVE-2019-19013 HIGH POC This Week

A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pagekit
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-18909 HIGH POC This Week

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

HP Command Injection Thinpro
NVD
CVSS 3.1
8.0
EPSS
2.2%
CVE-2019-18910 MEDIUM POC This Month

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Thinpro
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2019-9536 MEDIUM POC This Month

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Iphone 3Gs
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-15593 MEDIUM POC This Month

GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-15652 MEDIUM POC This Month

The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vmu Software
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-18622 CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-13566 CRITICAL PATCH Act Now

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow RCE Ros Comm
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-19240 MEDIUM POC This Month

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Goahead
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-18610 HIGH PATCH This Week

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
8.8
EPSS
29.6%
CVE-2019-3654 HIGH This Week

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Client Proxy
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2019-17446 HIGH This Week

An issue was discovered in Eracent EPA Agent through 10.2.26. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epa Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-18976 HIGH This Week

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.7%
CVE-2019-13157 HIGH This Week

nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vaccine
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-3427 HIGH This Week

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Zte RCE Zxcdn Iamweb Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2019-16287 MEDIUM This Month

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Thinpro
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2019-16286 MEDIUM This Month

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinpro Linux
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2019-18790 MEDIUM PATCH This Month

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-3428 MEDIUM This Month

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcdn Iamweb Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10206 MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux Backports Sle Leap
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-16763 MEDIUM PATCH This Month

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Pannellum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-4215 MEDIUM This Month

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Smartcloud Analytics Log Analysis
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17445 MEDIUM This Month

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Eda Agent Epa Agent Epm Agent Eua Agent +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-19227 MEDIUM PATCH This Month

In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-4569 MEDIUM This Month

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Tivoli Netcool Impact
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4570 MEDIUM This Month

IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Netcool Impact
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-11291 MEDIUM This Month

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Openstack
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-16285 MEDIUM This Month

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thinpro Linux
NVD
CVSS 3.1
4.6
EPSS
1.0%
CVE-2019-4216 MEDIUM This Month

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Smartcloud Analytics Log Analysis
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2019-4243 MEDIUM This Month

IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM Smartcloud Analytics Log Analysis
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-10203 MEDIUM This Month

PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authoritative Server
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2019-4214 LOW Monitor

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Smartcloud Analytics Log Analysis
NVD
CVSS 3.1
3.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy