Skip to main content
CVE-2019-20197 HIGH POC THREAT This Week

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
22.4%
CVE-2019-20172 HIGH POC PATCH This Week

Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-9668 HIGH POC This Week

An issue was discovered in rovinbhandari FTP through 2012-03-28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rovinbhandari Ftp
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-7751 HIGH POC THREAT This Week

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Path Traversal RCE Fusionpro Vdp
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
14.2%
CVE-2019-20176 HIGH POC PATCH This Week

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pure Ftpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-20175 HIGH POC PATCH This Week

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qemu
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-18568 HIGH This Week

Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Free Antivirus
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-9197 HIGH PATCH This Week

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Unity Editor
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-10229 HIGH This Week

An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mailstore Mailstore Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-7479 HIGH This Week

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware Sonicos Sonicosv
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy