Skip to main content
CVE-2019-19781 CRITICAL POC KEV THREAT Emergency

Citrix Application Delivery Controller and Gateway contain a directory traversal vulnerability allowing unauthenticated remote code execution, known as 'Shitrix', that triggered a global exploitation crisis in January 2020.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2019-20049 CRITICAL POC THREAT Act Now

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE Omnivista 4760
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-20014 HIGH POC PATCH This Week

An issue was discovered in GNU LibreDWG before 0.93. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-20011 HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-20010 HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libredwg Backports Sle +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-16896 HIGH POC This Week

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure K7 Ultimate Security
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-20047 HIGH POC This Week

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Omnivista 4760 Omnivista 8770
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-20048 HIGH POC PATCH This Week

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE Omnivista 8770
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
5.8%
CVE-2019-20024 MEDIUM POC This Month

A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-20023 MEDIUM POC This Month

A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-20022 MEDIUM POC This Month

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-20052 MEDIUM POC This Month

A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Matio
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-20020 MEDIUM POC This Month

A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Matio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-20019 MEDIUM POC This Month

An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Matio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-20018 MEDIUM POC This Month

A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Matio
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-20017 MEDIUM POC This Month

A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Matio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-20016 MEDIUM POC PATCH This Month

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libmysofa
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-20015 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20013 MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20012 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20009 MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20041 CRITICAL PATCH Act Now

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP WordPress Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2019-20053 MEDIUM POC This Month

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Upx Backports Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-20051 MEDIUM POC This Month

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Upx Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20021 MEDIUM POC This Month

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Upx Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-20042 MEDIUM PATCH This Month

In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2019-20043 MEDIUM PATCH This Month

In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress PHP Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy