Skip to main content
CVE-2019-19378 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Buffer Overflow Memory Corruption Linux Kernel
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19377 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +4
NVD GitHub
CVSS 3.1
7.8
EPSS
3.4%
CVE-2019-18922 HIGH POC THREAT This Week

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal At Gs950 8 Firmware
NVD
CVSS 3.1
7.5
EPSS
24.7%
CVE-2019-5218 HIGH This Week

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Band 2 Firmware Band 3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-16766 HIGH PATCH This Week

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5268 HIGH This Week

Some Huawei home routers have an input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Cd10 10 Firmware Cd16 10 Firmware Cd17 10 Firmware +19
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2019-5269 HIGH This Week

Some Huawei home routers have an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Privilege Escalation Cd10 10 Firmware Cd16 10 Firmware Cd17 10 Firmware +19
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-5225 HIGH This Week

P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE P30 Firmware Mate 20 Firmware P30 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-5210 HIGH This Week

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nova 5I Pro Firmware Nova 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-19396 HIGH This Week

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Omnios
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5232 HIGH This Week

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Vp9630 Firmware Vp9650 Firmware Vp9660 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-16767 HIGH PATCH This Week

The admin sys mode is now conditional and dedicated for the special case. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Ezmaster
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy