Skip to main content
CVE-2019-3841 MEDIUM POC This Month

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Containerized Data Importer
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2019-3810 MEDIUM POC PATCH THREAT This Month

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Moodle
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
13.9%
CVE-2019-10016 MEDIUM POC This Month

GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Advanced Server
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-10026 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10025 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10024 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10023 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10022 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10021 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10020 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10019 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10018 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-10027 MEDIUM POC This Month

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-3831 MEDIUM PATCH This Month

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vdsm Gluster Storage
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2019-6538 MEDIUM This Month

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mycarelink Monitor Firmware Carelink Monitor Firmware Carelink 2090 Firmware Amplia Crt D Firmware +16
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-3874 MEDIUM PATCH This Month

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Kernel Debian Linux Enterprise Linux Ubuntu Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3483 MEDIUM This Month

Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Logger
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-3482 MEDIUM This Month

Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcsight Logger
NVD
CVSS 3.0
6.5
EPSS
4.2%
CVE-2019-7608 MEDIUM This Month

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3480 MEDIUM This Month

Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3838 MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3835 MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3808 MEDIUM PATCH This Month

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
5.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy