Skip to main content
CVE-2019-17590 HIGH POC This Week

The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Csrf Magic
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16387 HIGH POC This Week

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-16255 HIGH POC PATCH This Week

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection RCE Ruby Debian Linux Leap +1
NVD
CVSS 3.1
8.1
EPSS
4.2%
CVE-2019-4387 HIGH This Week

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Sterling B2b Integrator
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-18457 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-15972 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-15956 HIGH This Week

A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Asyncos Web Security Appliance
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-15288 HIGH This Week

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Telepresence Codec Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-15271 HIGH KEV THREAT This Week

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization Rv016 Multi Wan Vpn Firmware Rv042 Dual Wan Vpn Firmware Rv042G Dual Gigabit Wan Vpn Firmware +1
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2019-18251 HIGH This Week

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor Teamviewer
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-15595 HIGH This Week

A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ubiquiti Command Injection Unifi Video Controller
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-14890 HIGH This Week

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2019-7319 HIGH This Week

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cdh
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-15286 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-15284 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Business Suite +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-16201 HIGH This Week

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Ruby Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-18679 HIGH PATCH This Week

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Information Disclosure Squid Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
41.0%
CVE-2019-18676 HIGH PATCH This Week

An issue was discovered in Squid 3.x and 4.x through 4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Squid Ubuntu Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
9.2%
CVE-2019-18455 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6477 HIGH This Week

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-19275 HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure Typed Ast
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-19274 HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure Typed Ast
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18460 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Elastic Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-14853 HIGH PATCH This Week

An error-handling flaw was found in python-ecdsa before version 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Python Ecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-19272 HIGH This Week

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-19271 HIGH PATCH This Week

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-19270 HIGH PATCH This Week

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proftpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-11290 HIGH This Week

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy