Skip to main content
CVE-2019-18276 HIGH POC PATCH This Week

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Bash Hci Management Node Oncommand Unified Manager Solidfire +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.6%
CVE-2019-19318 MEDIUM POC This Month

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +13
NVD GitHub
CVSS 3.1
4.4
EPSS
0.6%
CVE-2019-19372 HIGH This Week

A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Rconfig
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-19376 MEDIUM This Month

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Octopus Deploy
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-19379 MEDIUM PATCH This Month

In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-19375 MEDIUM This Month

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Octopus Deploy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy