Skip to main content
CVE-2019-19378 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Buffer Overflow Memory Corruption Linux Kernel
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19377 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +4
NVD GitHub
CVSS 3.1
7.8
EPSS
3.4%
CVE-2019-18922 HIGH POC THREAT This Week

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal At Gs950 8 Firmware
NVD
CVSS 3.1
7.5
EPSS
24.7%
CVE-2019-19388 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19387 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19386 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19385 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19384 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14901 CRITICAL Act Now

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +4
NVD
CVSS 3.1
9.8
EPSS
16.9%
CVE-2019-14897 CRITICAL PATCH Act Now

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Stack Overflow Buffer Overflow Linux RCE +3
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-14895 CRITICAL PATCH Act Now

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +5
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2019-19391 CRITICAL PATCH Act Now

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Luajit Moonjit
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-5218 HIGH This Week

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Band 2 Firmware Band 3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-16766 HIGH PATCH This Week

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5268 HIGH This Week

Some Huawei home routers have an input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Cd10 10 Firmware Cd16 10 Firmware Cd17 10 Firmware +19
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2019-5269 HIGH This Week

Some Huawei home routers have an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Privilege Escalation Cd10 10 Firmware Cd16 10 Firmware Cd17 10 Firmware +19
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-5225 HIGH This Week

P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE P30 Firmware Mate 20 Firmware P30 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-5210 HIGH This Week

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nova 5I Pro Firmware Nova 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-19396 HIGH This Week

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Omnios
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5232 HIGH This Week

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Vp9630 Firmware Vp9650 Firmware Vp9660 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-16767 HIGH PATCH This Week

The admin sys mode is now conditional and dedicated for the special case. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Ezmaster
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2019-14865 MEDIUM This Month

A flaw was found in the grub2-set-bootflag utility of grub2. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2019-5211 MEDIUM This Month

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P20 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2019-19451 MEDIUM This Month

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Dia Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-5247 MEDIUM This Month

Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Atlas 300 Firmware Atlas 500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5263 MEDIUM This Month

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hisuite Hwbackup
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-5227 MEDIUM This Month

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P30 Firmware P30 Pro Firmware Mate 20 Firmware Hisuite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5224 MEDIUM This Month

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure P30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-5212 MEDIUM This Month

There is an improper access control vulnerability in Huawei Share. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P20 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-5226 MEDIUM This Month

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P30 Firmware P30 Pro Firmware Mate 20 Firmware Hisuite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5271 MEDIUM This Month

There is an information leak vulnerability in Huawei smart speaker Myna. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Myna Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2019-5309 MEDIUM This Month

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor Play Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-5308 LOW Monitor

Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mate 20 Rs Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy