Skip to main content

CWE-254

7PK - Security Features

330 CVEs Avg CVSS 6.2 MITRE
27
CRITICAL
96
HIGH
185
MEDIUM
22
LOW
29
POC
0
KEV

Monthly

CVE-2019-10059 MEDIUM This Month

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +67
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-15149 PyPI CRITICAL PATCH Act Now

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mitogen
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-5495 HIGH This Week

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure Oncommand Unified Manager
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-11636 HIGH This Week

Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zcash
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-10741 MEDIUM This Month

K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE K 9 Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2018-6336 HIGH POC This Week

An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osquery
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-0353 HIGH This Week

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Web Security Appliance
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-4863 MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-0110 HIGH This Week

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Server
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-1000406 Maven HIGH This Week

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Karaf
NVD
CVSS 3.0
7.5
EPSS
0.2%
EPSS 1% CVSS 5.3
MEDIUM This Month

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cs31X Firmware Cs41X Firmware +69
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mitogen
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zcash
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE K 9 Mail
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osquery
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Web Security Appliance
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Karaf
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy