Skip to main content
CVE-2019-19847 HIGH POC This Week

Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libspiro
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-18832 HIGH POC This Week

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Button R9861500D01 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2019-18670 HIGH POC PATCH This Week

In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Quick Access
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-18829 HIGH POC This Week

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Button R9861500D01 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-19816 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel Ubuntu Linux +11
NVD GitHub
CVSS 3.1
7.8
EPSS
3.3%
CVE-2019-19814 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
3.3%
CVE-2019-7481 HIGH POC KEV THREAT This Week

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
7.5
EPSS
99.9%
CVE-2019-3995 HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
28.5%
CVE-2019-3994 HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-3993 HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
45.7%
CVE-2019-3992 HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-19264 HIGH POC This Week

In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Recordfusion
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-18825 HIGH POC This Week

Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Cs 100 Huddle Firmware Clickshare Cse 200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-19315 HIGH POC This Week

NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Licensing Service
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-11657 HIGH This Week

Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Arcsight Logger
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-0384 HIGH This Week

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Enterprise Extension Financial Services Treasury And Risk Management S4Core
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-0383 HIGH This Week

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Enterprise Extension Financial Services Treasury And Risk Management S4Core
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-19849 HIGH PATCH This Week

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Typo3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-19745 HIGH PATCH This Week

Contao 4.0 through 4.8.5 allows PHP local file inclusion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Contao
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-16575 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF Alauda Kubernetes Support
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-16573 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Alauda Devops Pipeline
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16570 HIGH This Week

A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rapiddeploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16565 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Team Concert
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16560 HIGH This Week

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins CSRF Websphere Deployer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16553 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Build Failure Analyzer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16551 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Gerrit Trigger
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16550 HIGH PATCH This Week

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Maven
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16558 HIGH PATCH This Week

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2019-16549 HIGH PATCH This Week

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Jenkins Maven
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-17334 HIGH This Week

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Spotfire Analyst Spotfire Analytics Platform For Aws Spotfire Deployment Kit Spotfire Desktop +1
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2019-19241 HIGH POC PATCH This Week

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Linux Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-19675 HIGH This Week

In Ivanti Workspace Control before 10.3.180.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19850 HIGH PATCH This Week

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Typo3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-19848 HIGH PATCH This Week

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Typo3
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-16561 HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Websphere Deployer
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy