Skip to main content
CVE-2019-17571 CRITICAL PATCH GHSA Act Now

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8%.

Deserialization RCE Log4J Debian Linux Ubuntu Linux +14
NVD VulDB
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-19747 CRITICAL POC Act Now

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Neuvector
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-15913 CRITICAL POC Act Now

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Dgnwg03Lm Firmware Zncz03Lm Firmware Mccgq01Lm Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-15911 CRITICAL POC Act Now

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hg100 Firmware Mw100 Firmware Ws 101 Firmware Ts 101 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-19918 HIGH POC This Week

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Lout Backports Sle Fedora +1
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-19917 HIGH POC This Week

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lout Backports Sle Leap Fedora
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-16785 HIGH POC PATCH This Week

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-15915 HIGH POC This Week

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dgnwg03Lm Firmware Zncz03Lm Firmware Mccgq01Lm Firmware Rtcgq01Lm Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-15914 HIGH POC This Week

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dgnwg03Lm Firmware Zncz03Lm Firmware Mccgq01Lm Firmware Wsdcgq01Lm Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15912 HIGH POC This Week

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hg100 Firmware Mw100 Firmware Ws 101 Firmware Ts 101 Firmware +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15910 HIGH POC This Week

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hg100 Firmware Mw100 Firmware Ws 101 Firmware Ts 101 Firmware +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15584 MEDIUM POC This Month

A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-19916 MEDIUM POC This Month

In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Midori
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-19908 MEDIUM POC THREAT This Month

phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpmychat Plus
NVD
CVSS 3.1
6.1
EPSS
21.2%
CVE-2019-19919 CRITICAL PATCH Act Now

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Handlebars Js Tenable Sc
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-17440 CRITICAL Act Now

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-19231 HIGH This Week

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Ca Client Automation
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-16786 HIGH PATCH This Week

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-19693 HIGH This Week

The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-18263 MEDIUM This Month

An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Veradius Unity Firmware Pulsera Firmware Endura Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-19789 MEDIUM This Month

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Plcwinnt Runtime Toolkit Sp Realtime Nt
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-4744 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-4742 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19692 MEDIUM This Month

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Apex One
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-4555 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-19691 MEDIUM This Month

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-4743 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-4736 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2019-4231 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy