Skip to main content
CVE-2019-12905 MEDIUM POC This Month

FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.6%
CVE-2019-12919 MEDIUM POC This Month

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Clever Dog Smart Camera Panorama Dog 2W Firmware Clever Dog Smart Camera Plus Dog 2W V4 Firmware
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-12745 MEDIUM POC This Month

out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seeddms
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.6%
CVE-2019-1899 MEDIUM POC This Month

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2019-1898 MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.1
5.3
EPSS
41.0%
CVE-2019-1897 MEDIUM POC This Month

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.1
5.3
EPSS
4.5%
CVE-2019-1879 MEDIUM This Month

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Integrated Management Controller
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-1623 MEDIUM This Month

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Command Injection Meeting Server
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-6961 MEDIUM This Month

Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Rdkb Ccsppandm
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-1906 MEDIUM This Month

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Prime Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-1627 MEDIUM This Month

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Command Injection Integrated Management Controller Unified Computing System
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-12902 MEDIUM This Month

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-12904 MEDIUM PATCH This Month

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Libgcrypt Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2019-1905 MEDIUM This Month

A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance
NVD
CVSS 3.0
5.8
EPSS
1.4%
CVE-2019-1630 MEDIUM This Month

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Integrated Management Controller Unified Computing System
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-1628 MEDIUM This Month

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco Buffer Overflow Integrated Management Controller +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-1876 MEDIUM This Month

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Wide Area Application Services
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2019-1631 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Unified Computing System
NVD
CVSS 3.0
5.3
EPSS
2.2%
CVE-2019-1629 MEDIUM This Month

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Unified Computing System
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-1875 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Cisco Prime Service Catalog
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2019-8458 MEDIUM This Month

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Checkpoint Endpoint Security Clients Remote Access Clients +1
NVD
CVSS 3.1
4.4
EPSS
1.0%
CVE-2019-12903 MEDIUM This Month

Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy