Skip to main content
CVE-2019-0035 MEDIUM This Month

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-6556 MEDIUM This Month

When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Common Components Cx Programmer
NVD
CVSS 3.0
6.6
EPSS
1.2%
CVE-2019-0038 MEDIUM This Month

Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-0284 MEDIUM This Month

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

XXE SAP Hana
NVD
CVSS 3.0
6.0
EPSS
0.4%
CVE-2019-11065 MEDIUM PATCH This Month

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gradle Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-1003050 MEDIUM PATCH This Month

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Jenkins Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-11070 MEDIUM PATCH This Month

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Webkitgtk Wpe Webkit
NVD
CVSS 3.0
5.3
EPSS
3.3%
CVE-2019-0282 MEDIUM This Month

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP Netweaver Process Integration
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-0216 MEDIUM PATCH This Month

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Airflow
NVD
CVSS 3.0
4.8
EPSS
2.8%
CVE-2019-5426 MEDIUM PATCH This Month

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ubiquiti Edgeswitch X
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-3612 MEDIUM This Month

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Data Exchange Layer Threat Intelligence Exchange
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2019-0278 MEDIUM This Month

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-0042 MEDIUM This Month

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Juniper Denial Of Service Microsoft Identity Management Service
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy