Skip to main content
CVE-2019-11026 MEDIUM POC This Month

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-11004 MEDIUM POC PATCH This Month

In Materialize through 1.0.0, XSS is possible via the Toast feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11003 MEDIUM POC PATCH This Month

In Materialize through 1.0.0, XSS is possible via the Autocomplete feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11002 MEDIUM POC PATCH This Month

In Materialize through 1.0.0, XSS is possible via the Tooltip feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11024 MEDIUM POC This Month

The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-1798 MEDIUM POC This Month

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-1788 MEDIUM POC This Month

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav Leap Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-1787 MEDIUM POC This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav Debian Linux Leap
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-11025 MEDIUM POC This Month

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-0612 MEDIUM POC PATCH THREAT This Month

A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft RCE Edge
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
10.5%
CVE-2019-0614 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
6.5
EPSS
6.6%
CVE-2019-11010 MEDIUM PATCH This Month

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2019-10845 MEDIUM This Month

An issue was discovered in Uniqkey Password Manager 1.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Manager
NVD VulDB
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-10676 MEDIUM This Month

An issue was discovered in Uniqkey Password Manager 1.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Password Manager
NVD VulDB
CVSS 3.0
6.5
EPSS
2.7%
CVE-2019-11016 MEDIUM PATCH This Month

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elgg
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1786 MEDIUM This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-4143 MEDIUM This Month

The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-4051 MEDIUM This Month

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2019-4045 MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy