Skip to main content
CVE-2019-19726 HIGH POC PATCH Act Now

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Openbsd
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-3951 CRITICAL POC Act Now

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16246 CRITICAL POC Act Now

Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Solismed
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-15936 CRITICAL POC Act Now

Intesync Solismed 3.3sp allows Insecure File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Solismed
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-15933 CRITICAL POC Act Now

Intesync Solismed 3.3sp has SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Solismed
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-15932 CRITICAL POC Act Now

Intesync Solismed 3.3sp has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Solismed
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-15931 CRITICAL POC Act Now

Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Solismed
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-19740 CRITICAL POC Act Now

Octeth Oempro 4.7 and 4.8 allow SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Oempro
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
5.8%
CVE-2019-18345 CRITICAL POC Act Now

A reflected XSS issue was discovered in DAViCal through 1.1.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Davical Debian Linux
NVD
CVSS 3.1
9.3
EPSS
2.2%
CVE-2019-15934 HIGH POC This Week

Intesync Solismed 3.3sp has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Solismed
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-19770 HIGH POC This Week

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-17358 HIGH POC This Week

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Deserialization Cacti Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2019-18307 HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18305 HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18304 HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18292 HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-15935 MEDIUM POC This Month

Intesync Solismed 3.3sp has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solismed
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-19748 MEDIUM POC This Month

The Work Time Calendar app before 4.7.1 for Jira allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Work Time Calendar
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18342 CRITICAL Act Now

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Center Server
NVD
CVSS 3.1
9.9
EPSS
2.1%
CVE-2019-17428 MEDIUM POC This Month

An issue was discovered in Intesync Solismed 3.3sp1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Solismed
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-16774 CRITICAL PATCH Act Now

In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Phpfastcache
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-18339 CRITICAL Act Now

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18337 CRITICAL Act Now

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18330 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18329 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18328 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18327 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18326 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18325 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18324 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18323 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18316 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18315 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18314 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-18313 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-18296 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18295 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18293 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18289 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18284 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-18283 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2019-19750 CRITICAL PATCH Act Now

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Msos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-2320 CRITICAL Act Now

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +51
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10559 CRITICAL Act Now

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +35
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10511 CRITICAL Act Now

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10493 CRITICAL Act Now

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8053 Firmware Mdm9206 Firmware Mdm9207C Firmware +45
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-5093 CRITICAL Act Now

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Leadtools
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-5085 CRITICAL Act Now

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Leadtools
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-10694 CRITICAL Act Now

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-19767 MEDIUM POC PATCH This Month

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
2.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy