Skip to main content
CVE-2019-3799 MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Spring Cloud Config Communications Cloud Native Core Policy
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
85.3%
CVE-2019-5433 MEDIUM POC PATCH This Month

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Open Redirect Revive Adserver
NVD
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-5431 MEDIUM This Month

This vulnerability was caused by an incomplete fix to CVE-2017-0911. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple CSRF Twitter Kit
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2019-3797 MEDIUM PATCH This Month

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Spring Data Java Persistence Api
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy