Skip to main content
CVE-2019-17633 HIGH POC This Week

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Che
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-19906 HIGH POC PATCH This Week

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Cyrus Sasl Debian Linux Ubuntu Linux Fedora +15
NVD GitHub
CVSS 3.1
7.5
EPSS
8.0%
CVE-2019-19141 HIGH This Week

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ubuntu RCE Media Server
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2019-19909 HIGH PATCH This Week

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization Open Journal System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-7486 HIGH This Week

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-7485 HIGH This Week

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-19340 HIGH This Week

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-11780 HIGH PATCH This Week

Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Privilege Escalation Odoo
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-8254 HIGH This Week

Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-8253 HIGH This Week

Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-18181 HIGH This Week

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cloudvision Portal
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-7487 HIGH This Week

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Sonicos Sonicos Sslvpn Nacagent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19234 HIGH This Week

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the !. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-19232 HIGH This Week

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16465 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16461 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16458 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16457 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16456 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16449 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-7483 HIGH KEV THREAT This Week

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-19902 HIGH This Week

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Backdrop Cms
NVD
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy