Skip to main content
CVE-2019-10758 CRITICAL POC KEV PATCH THREAT Act Now

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mongo Express
NVD
CVSS 3.1
9.9
EPSS
84.8%
CVE-2019-19952 CRITICAL POC Act Now

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-19951 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-19950 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Graphicsmagick Debian Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-19953 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2019-19949 CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2019-19948 CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy