Skip to main content
CVE-2019-18184 CRITICAL POC Act Now

Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dmc Stro Firmware
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2019-19319 MEDIUM POC This Month

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-19367 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19366 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19329 MEDIUM POC PATCH This Month

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Wikidata Query Gui
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-18253 CRITICAL Act Now

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Relion 670 Firmware
NVD
CVSS 3.1
10.0
EPSS
2.0%
CVE-2019-19330 CRITICAL Act Now

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Ubuntu Linux Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-14896 CRITICAL Act Now

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +5
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2019-6665 CRITICAL Act Now

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager Big Iq Centralized Management Enterprise Manager Iworkflow
NVD
CVSS 3.1
9.4
EPSS
1.1%
CVE-2019-10220 HIGH PATCH This Week

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Linux Linux Kernel Debian Linux Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2019-15300 HIGH PATCH This Week

A problem was found in Centreon Web through 19.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-15298 HIGH This Week

A problem was found in Centreon Web through 19.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
26.6%
CVE-2019-14867 HIGH PATCH This Week

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Freeipa Fedora
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2019-14812 HIGH This Week

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Fedora
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-10216 HIGH PATCH This Week

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ghostscript 3Scale Api Management Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-18247 HIGH This Week

An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Relion 650 Firmware Relion 670 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-6673 HIGH This Week

On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Application Security Manager +4
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6672 HIGH This Week

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-6671 HIGH This Week

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6669 HIGH This Week

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6667 HIGH This Week

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6666 HIGH This Week

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6674 HIGH This Week

On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ssl Orchestrator
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-15705 HIGH This Week

An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-10195 MEDIUM PATCH This Month

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freeipa Fedora
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-19328 MEDIUM PATCH This Month

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidata Query Gui
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19327 MEDIUM PATCH This Month

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidata Query Gui
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19242 MEDIUM PATCH This Month

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Ubuntu Linux Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.5%
CVE-2019-6668 MEDIUM This Month

The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Big Ip Access Policy Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-19308 MEDIUM PATCH This Month

In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Gnome Font Viewer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-13936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-13935 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-13934 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-18660 MEDIUM PATCH This Month

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux Fedora +2
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2019-6670 MEDIUM This Month

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy