Skip to main content
CVE-2019-3988 HIGH POC This Week

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Blink Xt2 Sync Module Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-3987 HIGH POC This Week

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Blink Xt2 Sync Module Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-3986 HIGH POC This Week

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Blink Xt2 Sync Module Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-3985 HIGH POC This Week

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Blink Xt2 Sync Module Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-19720 HIGH POC This Week

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Yabasic
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-19604 HIGH POC This Week

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Debian Linux Fedora Leap
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2019-19729 HIGH POC This Week

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Node.js Bson Objectid
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-19373 HIGH POC This Week

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Deserialization Matrix
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2019-0398 HIGH This Week

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP CSRF Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-19650 HIGH This Week

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java Zoho Manageengine Applications Manager
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2019-19578 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Xen Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-4715 HIGH This Week

IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Spectrum Scale
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-18245 HIGH This Week

Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rc Licensemanager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18232 HIGH This Week

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sentinel Ldk License Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-3667 HIGH This Week

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Techcheck
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-17087 HIGH This Week

Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Acutoweb
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0405 HIGH This Week

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0404 HIGH This Week

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-19583 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-19707 HIGH This Week

On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Eds G508E Firmware Eds G512E Firmware Eds G516E Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-5815 HIGH PATCH This Week

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libxslt Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-14899 HIGH This Week

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Google Apple Freebsd Linux Kernel +6
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2019-18379 HIGH This Week

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Messaging Gateway
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2019-19577 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Privilege Escalation Denial Of Service Intel Amd Xen +1
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-18377 HIGH This Week

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Messaging Gateway
NVD
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy