Skip to main content
CVE-2019-18184 CRITICAL POC Act Now

Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dmc Stro Firmware
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2019-18253 CRITICAL Act Now

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Relion 670 Firmware
NVD
CVSS 3.1
10.0
EPSS
2.0%
CVE-2019-19330 CRITICAL Act Now

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Ubuntu Linux Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-14896 CRITICAL Act Now

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +5
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2019-6665 CRITICAL Act Now

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager Big Iq Centralized Management Enterprise Manager Iworkflow
NVD
CVSS 3.1
9.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy