Skip to main content
CVE-2019-10769 CRITICAL POC Act Now

safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Node.js RCE Safer Eval
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-5544 CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware Memory Corruption Horizon Daas ESXi +14
NVD
CVSS 3.1
9.8
EPSS
96.8%
CVE-2019-12734 HIGH POC This Week

SiteVision 4 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sitevision
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-12733 HIGH POC This Week

SiteVision 4 allows Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sitevision
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2019-19624 MEDIUM POC PATCH This Month

An out-of-bounds read was discovered in OpenCV before 4.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Opencv Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-18671 CRITICAL PATCH Act Now

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Keepkey Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-16674 CRITICAL Act Now

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-16672 CRITICAL Act Now

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-16670 CRITICAL Act Now

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-19334 CRITICAL PATCH Act Now

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Stack Overflow RCE Libyang +2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-19333 CRITICAL PATCH Act Now

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Stack Overflow RCE Libyang +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-19617 CRITICAL PATCH Act Now

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Phpmyadmin Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-19627 MEDIUM POC This Month

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sros2
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-19625 MEDIUM POC This Month

SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sros2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-2225 HIGH PATCH This Week

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-2223 HIGH This Week

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-2222 HIGH This Week

n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-2221 HIGH PATCH This Week

In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Java Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2218 HIGH This Week

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2217 HIGH This Week

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Memory Corruption Google +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2232 HIGH PATCH This Week

In handleRun of TextLine.java, there is a possible application crash due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-2230 HIGH PATCH This Week

In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-18672 HIGH PATCH This Week

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Keepkey Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-18575 HIGH This Week

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Configure
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-2227 MEDIUM PATCH This Month

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-11293 MEDIUM This Month

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16771 MEDIUM PATCH This Month

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Armeria
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-16673 MEDIUM This Month

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16671 MEDIUM This Month

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-19619 MEDIUM PATCH This Month

domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Documize
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-11554 MEDIUM This Month

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Denial Of Service Adobe Audible
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2019-9464 MEDIUM PATCH This Month

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-2229 MEDIUM PATCH This Month

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2019-2228 MEDIUM This Month

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2226 MEDIUM This Month

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2019-2220 MEDIUM This Month

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-1551 MEDIUM PATCH This Month

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Buffer Overflow Leap Enterprise Manager Ops Center +6
NVD
CVSS 3.1
5.3
EPSS
14.3%
CVE-2019-19552 MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Freepbx
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19551 MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Freepbx
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-2219 MEDIUM This Month

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Java Privilege Escalation Google Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2019-2231 MEDIUM PATCH This Month

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2019-19616 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Web Time And Expense
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-19620 LOW Monitor

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Red Cloak Windows Agent
NVD
CVSS 3.1
3.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy