Latest CVE Feed
-
9.8
CRITICALCVE-2019-9217
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.... Read more
Affected Products : gitlab- EPSS Score: %0.14
- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9025
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buf... Read more
- EPSS Score: %0.56
- Published: Feb. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9023
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data.... Read more
- EPSS Score: %16.18
- Published: Feb. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-7198
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS... Read more
- EPSS Score: %3.07
- Published: Dec. 10, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-6808
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.... Read more
- EPSS Score: %3.84
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-6339
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (cor... Read more
- EPSS Score: %78.50
- Published: Jan. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-5096
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free cond... Read more
Affected Products : goahead- EPSS Score: %77.41
- Published: Dec. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-5079
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets ca... Read more
- EPSS Score: %1.08
- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-25039
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited... Read more
- EPSS Score: %0.73
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-20787
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.... Read more
- EPSS Score: %0.68
- Published: Apr. 22, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18906
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise... Read more
- EPSS Score: %0.38
- Published: Jun. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18814
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.... Read more
Affected Products : linux_kernel- EPSS Score: %0.50
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that ... Read more
- EPSS Score: %2.71
- Published: Dec. 01, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-1785
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due ... Read more
Affected Products : clamav- EPSS Score: %2.00
- Published: Apr. 08, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (v... Read more
Affected Products : debian_linux enterprise_linux_server webcenter_sites weblogic_server oncommand_workflow_automation steelstore_cloud_integrated_storage communications_cloud_native_core_network_slice_selection_function goldengate_application_adapters jd_edwards_enterpriseone_tools communications_billing_and_revenue_management +13 more products- EPSS Score: %1.19
- Published: Oct. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) ja... Read more
- EPSS Score: %0.44
- Published: Oct. 01, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15874
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel pani... Read more
- EPSS Score: %0.61
- Published: Apr. 29, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed... Read more
- EPSS Score: %32.25
- Published: Feb. 07, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14893
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling method... Read more
- EPSS Score: %0.70
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute... Read more
- EPSS Score: %0.87
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024