Skip to main content
CVE-2019-3936 HIGH This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-10948 HIGH This Week

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cr Ir 357 Fcr Carbon X Firmware Cr Ir 357 Fcr Xc 2 Firmware Cr Ir 357 Fcr Capsula X Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-3399 HIGH This Week

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-10131 HIGH PATCH This Week

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Imagemagick Enterprise Linux Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
1.3%
CVE-2019-0214 MEDIUM PATCH This Month

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Archiva
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2019-0213 MEDIUM PATCH This Month

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apache Archiva
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2019-10308 MEDIUM PATCH This Month

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Static Analysis Utilities
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10307 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Static Analysis Utilities
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-4166 MEDIUM This Month

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Storediq
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-10317 MEDIUM PATCH This Month

Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Sitemonitor
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-10314 MEDIUM This Month

Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-3928 MEDIUM This Month

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-10312 MEDIUM PATCH This Month

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
CVSS 3.1
4.3
EPSS
1.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy