Skip to main content
CVE-2019-12794 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.108. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Misp
NVD GitHub VulDB
CVSS 3.0
6.6
EPSS
0.9%
CVE-2019-12764 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-10334 MEDIUM PATCH This Month

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Electricflow
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-12766 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-10336 MEDIUM PATCH This Month

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Electricflow
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-3413 MEDIUM This Month

All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Netnumen Dap Firmware
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-10335 MEDIUM PATCH This Month

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Electricflow
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-0196 MEDIUM PATCH This Month

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Apache Memory Corruption Http Server +2
NVD
CVSS 3.0
5.3
EPSS
19.3%
CVE-2019-12143 MEDIUM This Month

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2019-0220 MEDIUM PATCH This Month

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Http Server Leap Debian Linux +2
NVD
CVSS 3.0
5.3
EPSS
17.9%
CVE-2019-10333 MEDIUM PATCH This Month

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Electricflow
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-10332 MEDIUM PATCH This Month

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Electricflow
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-10331 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Electricflow
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-0197 MEDIUM PATCH This Month

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Denial Of Service Apache Http Server Ubuntu Linux +8
NVD
CVSS 3.1
4.2
EPSS
8.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy