Skip to main content
CVE-2019-19307 CRITICAL POC THREAT Act Now

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Mongoose
NVD GitHub
CVSS 3.1
9.8
EPSS
41.6%
CVE-2019-12489 CRITICAL POC Act Now

An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Askey Rtv1907Vw Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.2%
CVE-2019-17590 HIGH POC This Week

The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Csrf Magic
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16387 HIGH POC This Week

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-16255 HIGH POC PATCH This Week

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection RCE Ruby Debian Linux Leap +1
NVD
CVSS 3.1
8.1
EPSS
4.2%
CVE-2019-16242 MEDIUM POC This Month

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cingular Flip 2 Firmware
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2019-16241 MEDIUM POC This Month

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Cingular Flip 2 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-15276 MEDIUM POC THREAT This Month

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
46.3%
CVE-2019-16243 MEDIUM POC This Month

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cingular Flip 2 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18580 CRITICAL Act Now

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell RCE Deserialization Emc Storage Monitoring And Reporting
NVD
CVSS 3.1
10.0
EPSS
4.9%
CVE-2019-17392 CRITICAL Act Now

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sitefinity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-12526 CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Squid Ubuntu Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
20.3%
CVE-2019-14842 CRITICAL PATCH Act Now

Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libnbd
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-6675 CRITICAL Act Now

BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Link Controller Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-15958 CRITICAL Act Now

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Prime Infrastructure Evolved Programmable Network Manager
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-18250 CRITICAL Act Now

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Plant Connect Power Generation Information Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-19306 MEDIUM POC This Month

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho WordPress Lead Magnet
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-12523 CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Squid Ubuntu Linux Fedora Leap +1
NVD
CVSS 3.1
9.1
EPSS
4.3%
CVE-2019-4387 HIGH This Week

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Sterling B2b Integrator
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-18457 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-15972 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-15956 HIGH This Week

A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Asyncos Web Security Appliance
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-15288 HIGH This Week

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Telepresence Codec Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-15271 HIGH KEV THREAT This Week

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization Rv016 Multi Wan Vpn Firmware Rv042 Dual Wan Vpn Firmware Rv042G Dual Gigabit Wan Vpn Firmware +1
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2019-18251 HIGH This Week

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor Teamviewer
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-15595 HIGH This Week

A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ubiquiti Command Injection Unifi Video Controller
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-14890 HIGH This Week

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2019-16388 MEDIUM POC This Month

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-16386 MEDIUM POC This Month

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-7319 HIGH This Week

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cdh
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-15286 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-15284 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-16201 HIGH This Week

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Ruby Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-18679 HIGH PATCH This Week

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Information Disclosure Squid Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
41.0%
CVE-2019-18676 HIGH PATCH This Week

An issue was discovered in Squid 3.x and 4.x through 4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Squid Ubuntu Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
9.2%
CVE-2019-18455 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6477 HIGH This Week

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-19275 HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure Typed Ast
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-19274 HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure Typed Ast
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18460 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Elastic Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-14853 HIGH PATCH This Week

An error-handling flaw was found in python-ecdsa before version 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Python Ecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-19272 HIGH This Week

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-19271 HIGH PATCH This Week

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-19270 HIGH PATCH This Week

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proftpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-11290 HIGH This Week

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15997 MEDIUM This Month

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Dna Spaces
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-15996 MEDIUM This Month

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Dna Spaces
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-15986 MEDIUM This Month

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unity Express
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-18448 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-15845 MEDIUM This Month

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruby Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
3.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy