Skip to main content
CVE-2019-12222 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2019-12221 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Sdl2 Image Simple Directmedia Layer Fedora +4
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-12220 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2019-12218 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-12217 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2019-12216 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Sdl2 Image Simple Directmedia Layer Fedora +2
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-12213 MEDIUM POC This Month

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeimage Ubuntu Linux Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-12215 MEDIUM POC This Month

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Matomo
NVD GitHub
CVSS 3.0
4.3
EPSS
1.2%
CVE-2019-4058 MEDIUM This Month

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Bigfix Platform
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10078 MEDIUM PATCH This Month

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.0
6.1
EPSS
4.9%
CVE-2019-10077 MEDIUM PATCH This Month

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.0
6.1
EPSS
4.7%
CVE-2019-10076 MEDIUM PATCH This Month

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.0
6.1
EPSS
4.7%
CVE-2019-11809 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4011 MEDIUM This Month

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Bigfix Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4293 MEDIUM This Month

IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize Unified V7000 Software
NVD
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy