Skip to main content
CVE-2019-13114 MEDIUM POC PATCH This Month

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Exiv2 Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13113 MEDIUM POC PATCH This Month

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Exiv2 Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13112 MEDIUM POC This Month

A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-13110 MEDIUM POC PATCH This Month

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Exiv2 Fedora +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-13109 MEDIUM POC PATCH This Month

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Exiv2 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-13108 MEDIUM POC This Month

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Exiv2 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-13111 MEDIUM POC PATCH This Month

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-13072 MEDIUM POC This Month

Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-13075 MEDIUM POC This Month

Tor Browser through 8.5.3 has an information exposure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Tor Browser
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2019-11822 MEDIUM This Month

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Photo Station
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-11828 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Microsoft Office
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-11827 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Note Station
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-11825 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Calendar
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-13068 MEDIUM POC PATCH THREAT This Month

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Grafana
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
51.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy