Skip to main content
CVE-2019-19778 HIGH POC This Week

An issue was discovered in libsixel 1.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19777 HIGH POC This Week

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Image H Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19774 HIGH POC THREAT This Week

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Eventlog Analyzer
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
12.5%
CVE-2019-16732 HIGH POC This Week

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2019-19796 HIGH POC This Week

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Yabasic
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-19795 HIGH POC This Week

samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Samurai
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-19787 HIGH POC This Week

ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atasm Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-19786 HIGH POC This Week

ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atasm Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-19785 HIGH POC This Week

ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atasm Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-16731 HIGH POC This Week

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-17123 HIGH POC This Week

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mail
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-18838 HIGH POC PATCH This Week

An issue was discovered in Envoy 1.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-19793 HIGH This Week

In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Appgate Sdp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5254 HIGH This Week

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Buffer Overflow Information Disclosure Ap2000 Firmware Ips Firmware +15
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2019-16776 HIGH PATCH This Week

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm Leap Graalvm +3
NVD GitHub
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-5250 HIGH This Week

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mate 20 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-19501 HIGH PATCH This Week

VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Veracrypt
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5277 HIGH This Week

Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Cloudusm Eua Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-19397 HIGH This Week

There is a weak algorithm vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S12700 Firmware S1700 Firmware S2700 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-13347 HIGH This Week

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Atlassian Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5248 HIGH This Week

CloudEngine 12800 has a DoS vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudengine 12800 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy