Security Vulnerabilities - Known exploited
CVE-2019-16759
Known exploited
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVSS Score
9.8
EPSS Score
0.944
Published
2019-09-24
CVE-2019-1367
Known exploited
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVSS Score
7.5
EPSS Score
0.908
Published
2019-09-23
CVE-2019-16057
Known exploited
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
CVSS Score
9.8
EPSS Score
0.94
Published
2019-09-16
CVE-2019-16256
Known exploited
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
CVSS Score
9.8
EPSS Score
0.612
Published
2019-09-12
CVE-2019-1297
Known exploited
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
CVSS Score
8.8
EPSS Score
0.407
Published
2019-09-11
CVE-2019-1253
Known exploited
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
CVSS Score
7.8
EPSS Score
0.319
Published
2019-09-11
CVE-2019-1214
Known exploited
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
CVSS Score
7.8
EPSS Score
0.037
Published
2019-09-11
CVE-2019-1215
Known exploited
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
CVSS Score
7.8
EPSS Score
0.052
Published
2019-09-11
CVE-2019-15949
Known exploited
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
CVSS Score
8.8
EPSS Score
0.871
Published
2019-09-05
CVE-2019-13608
Known exploited
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
CVSS Score
7.5
EPSS Score
0.713
Published
2019-08-29



Shodan ® - All rights reserved