Skip to main content
CVE-2019-12491 MEDIUM PATCH This Month

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Information Disclosure Onapp
NVD
CVSS 3.0
6.6
EPSS
1.5%
CVE-2019-2022 MEDIUM This Month

In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-2021 MEDIUM This Month

In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-2020 MEDIUM This Month

In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-2019 MEDIUM This Month

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-4385 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-12436 MEDIUM This Month

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Samba Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2019-12435 MEDIUM This Month

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Samba
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2019-10085 MEDIUM This Month

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Allura
NVD
CVSS 3.0
6.1
EPSS
5.1%
CVE-2019-12814 MEDIUM PATCH This Month

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
11.0%
CVE-2019-2004 MEDIUM This Month

In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-11649 MEDIUM This Month

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortify Software Security Center
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-4303 MEDIUM This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-9701 MEDIUM POC This Month

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Data Loss Prevention
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.8%
CVE-2019-4384 MEDIUM PATCH This Month

IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Campaign
NVD
CVSS 3.1
4.3
EPSS
2.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy