Latest CVE Feed
-
9.8
CRITICALCVE-2019-19088
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.... Read more
Affected Products : gitlab- EPSS Score: %0.10
- Published: Jan. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18823
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured t... Read more
- EPSS Score: %2.82
- Published: Apr. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration ... Read more
- EPSS Score: %0.55
- Published: Sep. 25, 2019
- Modified: May. 28, 2025
-
9.8
CRITICALCVE-2019-14842
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusi... Read more
Affected Products : libnbd- EPSS Score: %0.38
- Published: Nov. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.... Read more
- EPSS Score: %1.46
- Published: Jul. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14305
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affe... Read more
Affected Products : sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware sp_c250sf sp_c252sf sp_c250dn sp_c252dn- EPSS Score: %1.28
- Published: Aug. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14299
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.... Read more
Affected Products : sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware sp_c250sf sp_c252sf sp_c250dn sp_c252dn- EPSS Score: %0.37
- Published: Mar. 13, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14200
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.... Read more
Affected Products : u-boot- EPSS Score: %0.46
- Published: Jul. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- EPSS Score: %0.48
- Published: Oct. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a r... Read more
- EPSS Score: %0.52
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12261
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.... Read more
- EPSS Score: %17.18
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Dat... Read more
- Actively Exploited
- EPSS Score: %94.33
- Published: Aug. 09, 2019
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2019-10938
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power ... Read more
- EPSS Score: %0.49
- Published: Aug. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.... Read more
Affected Products : 750-352_firmware 750-831_firmware 750-852_firmware 750-880_firmware 750-881_firmware 750-889_firmware 750-829_firmware 750-882_firmware 750-885_firmware 750-849_firmware +22 more products- EPSS Score: %0.98
- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0785
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.... Read more
Affected Products : windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server- EPSS Score: %26.24
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0008
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or... Read more
Affected Products : junos ex4300 ex4300m ex4600 ex4650 qfx5100 qfx5110 qfx5120 qfx5200-32c qfx5200-48y +1 more products- EPSS Score: %4.77
- Published: Apr. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7847
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the co... Read more
- EPSS Score: %1.22
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7846
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Mod... Read more
- EPSS Score: %38.19
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7811
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server... Read more
- EPSS Score: %1.62
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7790
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exp... Read more
- EPSS Score: %0.49
- Published: Aug. 29, 2018
- Modified: Nov. 21, 2024