Skip to main content
CVE-2019-11015 MEDIUM POC This Month

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Miui
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2019-9005 MEDIUM POC This Month

The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Path Traversal Power Scripts
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2019-11321 MEDIUM POC This Month

An issue was discovered in Motorola CX2 1.01 and M2 1.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-10893 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centos Web Panel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2019-11017 MEDIUM POC This Month

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Di 524 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2019-1829 MEDIUM This Month

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Aironet Access Point Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-10305 MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xebialabs Xl Deploy
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-10304 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Xebialabs Xl Deploy
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-1834 MEDIUM This Month

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet Access Point Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-1800 MEDIUM This Month

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-1799 MEDIUM This Month

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1796 MEDIUM This Month

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1722 MEDIUM This Month

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway Series Telepresence Video Communication Server
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-1721 MEDIUM This Month

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-11084 MEDIUM This Month

GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gauth
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1792 MEDIUM This Month

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Umbrella
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-1826 MEDIUM This Month

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet Access Point Firmware
NVD
CVSS 3.0
5.7
EPSS
0.6%
CVE-2019-1725 MEDIUM This Month

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-1777 MEDIUM This Month

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-1719 MEDIUM This Month

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-1831 MEDIUM This Month

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2019-1794 MEDIUM This Month

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Server
NVD
CVSS 3.1
5.1
EPSS
0.4%
CVE-2019-1830 MEDIUM This Month

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-1720 MEDIUM This Month

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100%. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
CVSS 3.0
4.9
EPSS
1.7%
CVE-2019-1802 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2019-1835 MEDIUM This Month

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Aironet Access Point Firmware
NVD
CVSS 3.0
4.4
EPSS
0.8%
CVE-2019-1805 MEDIUM This Month

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Wireless Lan Controller Software
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy