Skip to main content
CVE-2019-19307 CRITICAL POC THREAT Act Now

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Mongoose
NVD GitHub
CVSS 3.1
9.8
EPSS
41.6%
CVE-2019-12489 CRITICAL POC Act Now

An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Askey Rtv1907Vw Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.2%
CVE-2019-18580 CRITICAL Act Now

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell RCE Deserialization Emc Storage Monitoring And Reporting
NVD
CVSS 3.1
10.0
EPSS
4.9%
CVE-2019-17392 CRITICAL Act Now

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sitefinity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-12526 CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Squid Ubuntu Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
20.3%
CVE-2019-14842 CRITICAL PATCH Act Now

Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libnbd
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-6675 CRITICAL Act Now

BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Link Controller Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-15958 CRITICAL Act Now

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Prime Infrastructure Evolved Programmable Network Manager
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-18250 CRITICAL Act Now

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Plant Connect Power Generation Information Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-12523 CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Squid Ubuntu Linux Fedora Leap +1
NVD
CVSS 3.1
9.1
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy