Skip to main content
CVE-2019-17364 CRITICAL POC Act Now

The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16737 CRITICAL POC Act Now

The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16736 CRITICAL POC Act Now

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Petalk Ai Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-16735 CRITICAL POC Act Now

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Petalk Ai Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-16734 CRITICAL POC Act Now

Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-16733 CRITICAL POC Act Now

processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16730 CRITICAL POC Act Now

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-18802 CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18801 CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-19782 CRITICAL POC Act Now

The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Aceaxe Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-19778 HIGH POC This Week

An issue was discovered in libsixel 1.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19777 HIGH POC This Week

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Image H Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19774 HIGH POC THREAT This Week

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Eventlog Analyzer
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
12.5%
CVE-2019-16732 HIGH POC This Week

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2019-19796 HIGH POC This Week

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Yabasic
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-19795 HIGH POC This Week

samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Samurai
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-19787 HIGH POC This Week

ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atasm Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-19786 HIGH POC This Week

ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atasm Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-19785 HIGH POC This Week

ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atasm Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-16731 HIGH POC This Week

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-17123 HIGH POC This Week

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mail
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-18838 HIGH POC PATCH This Week

An issue was discovered in Envoy 1.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-17599 MEDIUM POC This Month

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Quiz And Survey Master
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-19794 MEDIUM POC PATCH This Month

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Miekg Dns
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2019-19790 CRITICAL Act Now

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Telerik Ui For Asp Net Ajax Radchart
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-19793 HIGH This Week

In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Appgate Sdp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5254 HIGH This Week

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Buffer Overflow Information Disclosure Ap2000 Firmware Ips Firmware +15
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2019-16776 HIGH PATCH This Week

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm Leap Graalvm +3
NVD GitHub
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-5250 HIGH This Week

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mate 20 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-19501 HIGH PATCH This Week

VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Veracrypt
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5277 HIGH This Week

Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Cloudusm Eua Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-19397 HIGH This Week

There is a weak algorithm vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S12700 Firmware S1700 Firmware S2700 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-13347 HIGH This Week

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Atlassian Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5248 HIGH This Week

CloudEngine 12800 has a DoS vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudengine 12800 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2019-5278 MEDIUM This Month

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Campusinsight
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-5260 MEDIUM This Month

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Y9 2019 Firmware View 20 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-5290 MEDIUM This Month

Huawei S5700 and S6700 have a DoS security vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure S5700 Firmware S6700 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-16777 MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm Leap Graalvm +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-16775 MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Node.js Enterprise Linux Enterprise Linux Eus npm +3
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2019-14344 MEDIUM PATCH This Month

TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tematres
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-5253 MEDIUM This Month

E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass E5572 855 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-5291 MEDIUM This Month

Some Huawei products have an insufficient verification of data authenticity vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware Ar1200 S Firmware +15
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2019-5258 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Ap2000 Firmware Ips Firmware Ngfw Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5257 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Ap2000 Firmware Ips Firmware Ngfw Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5256 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Huawei Denial Of Service Ap2000 Firmware Ips Firmware +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5255 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Denial Of Service Information Disclosure Ap2000 Firmware +16
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5251 MEDIUM This Month

There is a path traversal vulnerability in several Huawei smartphones. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Information Disclosure Honor V10 Firmware P30 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-4426 MEDIUM This Month

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Case Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19722 MEDIUM This Month

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dovecot Fedora
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-5264 MEDIUM This Month

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 10 Firmware Mate 10 Pro Firmware Honor V10 Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy