Skip to main content
CVE-2019-7425 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2019-7424 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7423 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7422 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7421 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7420 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7419 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7418 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-7417 MEDIUM POC This Month

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ericsson Active Library Explorer
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7416 MEDIUM POC This Month

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Documentum Webtop
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7299 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Support Plus Responsive Ticket System
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-5490 CRITICAL Act Now

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Processor
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2019-9898 CRITICAL PATCH Act Now

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora Debian Linux Leap +1
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-9895 CRITICAL Act Now

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Putty Fedora
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-9893 CRITICAL PATCH Act Now

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Libseccomp
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-9870 CRITICAL PATCH Act Now

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oembed
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-7222 MEDIUM POC PATCH This Month

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Fedora Leap +15
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-6501 MEDIUM POC PATCH This Month

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Qemu Fedora
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-6492 MEDIUM POC This Month

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smart Defrag
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-6454 MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Systemd Leap +20
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2019-3832 MEDIUM POC PATCH This Month

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libsndfile Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-7432 MEDIUM POC This Month

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rental Bike Script
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7223 MEDIUM POC This Month

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Invoiceplane
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7435 MEDIUM POC This Month

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Opensource Classified Ads Script
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2019-7430 MEDIUM POC This Month

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Image Sharing Script
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2019-8351 CRITICAL Act Now

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thor
NVD
CVSS 3.0
9.1
EPSS
1.3%
CVE-2019-3858 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Fedora +3
NVD
CVSS 3.0
9.1
EPSS
6.4%
CVE-2019-3862 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Libssh2 Fedora Debian Linux +2
NVD
CVSS 3.0
9.1
EPSS
8.1%
CVE-2019-3859 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Fedora +3
NVD
CVSS 3.1
9.1
EPSS
6.3%
CVE-2019-3855 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Fedora Debian Linux +11
NVD
CVSS 3.1
8.8
EPSS
9.2%
CVE-2019-6731 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-6730 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2019-6729 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-6727 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2019-5729 HIGH PATCH This Week

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Splunk Python Information Disclosure Software Development Kit
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2019-9896 HIGH This Week

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Putty Backports Sle Leap
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-6778 HIGH PATCH This Week

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Leap Fedora +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-4094 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-9897 HIGH PATCH This Week

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora Debian Linux Oncommand Unified Manager +1
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-9894 HIGH PATCH This Week

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Putty Fedora Debian Linux +2
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-7161 HIGH PATCH This Week

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
7.5
EPSS
5.6%
CVE-2019-6970 HIGH PATCH This Week

Moodle 3.5.x before 3.5.4 allows SSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Moodle
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-6690 HIGH PATCH This Week

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Python Gnupg Debian Linux Leap +2
NVD
CVSS 3.1
7.5
EPSS
8.5%
CVE-2019-5885 HIGH PATCH This Week

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synapse Fedora
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-8934 LOW POC PATCH Monitor

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qemu Leap
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2019-9868 HIGH This Week

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Appliance
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2019-9867 HIGH This Week

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Appliance
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2019-9889 LOW POC Monitor

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vanilla
NVD GitHub
CVSS 3.0
2.7
EPSS
2.4%
CVE-2019-6735 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2019-6734 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy