Skip to main content
CVE-2019-19931 HIGH POC This Week

In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libiec61850
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-3467 HIGH POC This Week

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Debian Lan Config Debian Edu Config Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-11044 HIGH POC This Week

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Microsoft Information Disclosure Securitycenter Fedora
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-18211 HIGH PATCH This Week

An issue was discovered in Orckestra C1 CMS through 6.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization C1 Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-5276 HIGH This Week

Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Buffer Overflow Elle Al00B Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-5539 HIGH PATCH This Week

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Microsoft VMware Horizon View Agent Workstation
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18236 HIGH This Week

Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Plc Editor
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2019-6685 HIGH This Week

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18389 HIGH PATCH This Week

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Virglrenderer +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-19929 HIGH This Week

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adwcleaner
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-8463 HIGH PATCH This Week

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Checkpoint Endpoint Security Clients
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-6684 HIGH This Week

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6683 HIGH This Week

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6681 HIGH This Week

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-6680 HIGH This Week

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5266 HIGH This Week

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P30 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-5265 HIGH This Week

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P30 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-6682 HIGH This Week

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6677 HIGH This Week

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-6676 HIGH This Week

On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-17563 HIGH PATCH This Week

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Session Fixation Tomcat Information Disclosure Apache Debian Linux +9
NVD
CVSS 3.1
7.5
EPSS
10.7%
CVE-2019-19926 HIGH PATCH This Week

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Sinec Infrastructure Network Services Mysql Workbench +8
NVD GitHub
CVSS 3.1
7.5
EPSS
7.0%
CVE-2019-6687 HIGH This Week

On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-18390 HIGH PATCH This Week

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Information Disclosure Virglrenderer Leap +2
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-12418 HIGH PATCH This Week

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration. Rated high severity (CVSS 7.0).

Tomcat Information Disclosure Apache Debian Linux Workload Manager +3
NVD
CVSS 3.1
7.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy