Skip to main content
CVE-2019-7387 MEDIUM This Month

A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Isg 600C Firmware Isg 600H Firmware Isg 800W Firmware
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-1000020 MEDIUM PATCH This Month

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libarchive Ubuntu Linux Debian Linux Fedora +4
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2019-1000017 MEDIUM PATCH This Month

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-1000016 MEDIUM PATCH This Month

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1000011 MEDIUM PATCH This Month

API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Core
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-1000002 MEDIUM PATCH This Month

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Gitea Information Disclosure
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-4038 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection IBM RCE Security Identity Manager
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2019-1000024 MEDIUM This Month

OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ng Netms
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1000015 MEDIUM PATCH This Month

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1000004 MEDIUM This Month

yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jspmyadmin2
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7324 MEDIUM PATCH This Month

app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kanboard
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy