Skip to main content
CVE-2019-10908 CRITICAL PATCH Act Now

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Privilege Escalation Apache Airsonic
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-10907 CRITICAL PATCH Act Now

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Airsonic
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-10906 HIGH PATCH This Week

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jinja Fedora Ubuntu Linux Software Collections +1
NVD
CVSS 3.1
8.6
EPSS
3.6%
CVE-2019-10740 MEDIUM POC This Month

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webmail Fedora Backports Sle Leap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-10735 MEDIUM POC This Month

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mail
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-10734 MEDIUM POC This Month

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trojita
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-10732 MEDIUM POC This Month

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kmail Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10741 MEDIUM This Month

K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE K 9 Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy