Skip to main content
CVE-2019-9955 MEDIUM POC PATCH THREAT This Month

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Atp200 Firmware Atp500 Firmware Atp800 Firmware +18
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
20.9%
CVE-2019-11454 MEDIUM POC PATCH This Month

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Monit Ubuntu Linux Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2019-11449 MEDIUM POC This Month

I, Librarian 4.10 has XSS via the notes.php notes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP I Librarian
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11428 MEDIUM POC This Month

I, Librarian 4.10 has XSS via the export.php export_files parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP I Librarian
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11427 MEDIUM POC This Month

An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11426 MEDIUM POC This Month

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11404 MEDIUM POC PATCH This Month

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Arrow
NVD GitHub
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-0218 MEDIUM This Month

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pony Mail
NVD
CVSS 3.0
6.1
EPSS
5.1%
CVE-2019-10241 MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jetty Debian Linux Activemq Drill +3
NVD
CVSS 3.1
6.1
EPSS
9.6%
CVE-2019-3902 MEDIUM PATCH This Month

A flaw was found in Mercurial before 4.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Mercurial Debian Linux Enterprise Linux
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2019-11459 MEDIUM PATCH This Month

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Evince Ubuntu Linux Fedora Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-10247 MEDIUM PATCH This Month

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Oncommand System Manager Snap Creator Framework Snapcenter +22
NVD
CVSS 3.1
5.3
EPSS
5.8%
CVE-2019-10246 MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jetty Oncommand System Manager Snap Creator Framework +22
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2019-11244 MEDIUM PATCH This Month

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Trident Openshift Container Platform
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2019-3901 MEDIUM PATCH This Month

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Kernel Debian Linux Active Iq Unified Manager For Vmware Vsphere Hci Management Node +6
NVD
CVSS 3.1
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy