Latest CVE Feed
-
9.8
CRITICALCVE-2019-8023
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Success... Read more
- EPSS Score: %16.16
- Published: Aug. 20, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.... Read more
- Actively Exploited
- EPSS Score: %93.12
- Published: Dec. 05, 2019
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2019-25033
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exp... Read more
- EPSS Score: %0.24
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-19334
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, w... Read more
- EPSS Score: %0.86
- Published: Dec. 06, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-19088
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.... Read more
Affected Products : gitlab- EPSS Score: %0.10
- Published: Jan. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18823
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured t... Read more
- EPSS Score: %2.82
- Published: Apr. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration ... Read more
- EPSS Score: %0.55
- Published: Sep. 25, 2019
- Modified: May. 28, 2025
-
9.8
CRITICALCVE-2019-14842
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusi... Read more
Affected Products : libnbd- EPSS Score: %0.38
- Published: Nov. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.... Read more
- EPSS Score: %1.46
- Published: Jul. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14305
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affe... Read more
Affected Products : sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware sp_c250sf sp_c252sf sp_c250dn sp_c252dn- EPSS Score: %1.28
- Published: Aug. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14299
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.... Read more
Affected Products : sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware sp_c250sf sp_c252sf sp_c250dn sp_c252dn- EPSS Score: %0.37
- Published: Mar. 13, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14200
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.... Read more
Affected Products : u-boot- EPSS Score: %0.46
- Published: Jul. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- EPSS Score: %0.48
- Published: Oct. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a r... Read more
- EPSS Score: %0.52
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12261
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.... Read more
- EPSS Score: %17.18
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Dat... Read more
- Actively Exploited
- EPSS Score: %94.33
- Published: Aug. 09, 2019
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2019-10938
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power ... Read more
- EPSS Score: %0.49
- Published: Aug. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.... Read more
Affected Products : 750-352_firmware 750-831_firmware 750-852_firmware 750-880_firmware 750-881_firmware 750-889_firmware 750-829_firmware 750-882_firmware 750-885_firmware 750-849_firmware +22 more products- EPSS Score: %0.98
- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0785
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.... Read more
Affected Products : windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server- EPSS Score: %26.24
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0008
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or... Read more
Affected Products : junos ex4300 ex4300m ex4600 ex4650 qfx5100 qfx5110 qfx5120 qfx5200-32c qfx5200-48y +1 more products- EPSS Score: %4.77
- Published: Apr. 10, 2019
- Modified: Nov. 21, 2024