Skip to main content
CVE-2019-12347 MEDIUM POC PATCH THREAT This Month

In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Pfsense
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
58.6%
CVE-2019-6322 MEDIUM PATCH This Month

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware Z4 G4 Core X Workstation Firmware Z6 G4 Workstation Firmware +1
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2019-6981 MEDIUM This Month

Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zimbra Collaboration Suite
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-9866 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-7129 MEDIUM This Month

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager Forms
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-4137 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-4264 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-4138 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Control
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2019-11894 MEDIUM This Month

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Home Controller Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-12449 MEDIUM PATCH This Month

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gvfs Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
5.7
EPSS
1.8%
CVE-2019-9221 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-4184 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-4139 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-11895 MEDIUM This Month

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Smart Home Controller Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-7549 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy