Skip to main content
CVE-2019-10758 CRITICAL POC KEV PATCH THREAT Act Now

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mongo Express
NVD
CVSS 3.1
9.9
EPSS
84.8%
CVE-2019-19952 CRITICAL POC Act Now

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-19951 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-19950 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Graphicsmagick Debian Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-19953 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2019-19949 CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2019-19954 HIGH POC PATCH This Week

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Signal Desktop
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2019-19958 MEDIUM POC This Month

In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-19957 MEDIUM POC This Month

In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libiec61850
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-19948 CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-5702 HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-19925 HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services Mysql Workbench Debian Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-19956 HIGH PATCH This Week

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libxml2 Debian Linux Real User Experience Insight Fedora +8
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2019-19923 HIGH PATCH This Week

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Sinec Infrastructure Network Services Mysql Workbench +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-19695 HIGH This Week

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-18249 MEDIUM PATCH This Month

Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mach Prowebsys Firmware Mach Prowebcom Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-19924 MEDIUM PATCH This Month

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sqlite Sinec Infrastructure Network Services Bookkeeper Mysql Workbench +1
NVD GitHub
CVSS 3.1
5.3
EPSS
7.9%
CVE-2019-19947 MEDIUM PATCH This Month

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux +10
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy