Skip to main content
CVE-2019-13186 MEDIUM POC This Month

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-10721 MEDIUM POC PATCH This Month

BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Blogengine Net
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6641 MEDIUM This Month

On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-6638 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-6637 MEDIUM This Month

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Linux Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-6634 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-5601 MEDIUM This Month

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-12844 MEDIUM This Month

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Teamcity
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12843 MEDIUM This Month

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Teamcity
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12842 MEDIUM This Month

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-6626 MEDIUM This Month

On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Security Manager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-6625 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-6627 MEDIUM This Month

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Race Condition Ssl Orchestrator
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2019-6632 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-12845 MEDIUM This Month

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-6640 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-3619 MEDIUM This Month

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-6639 MEDIUM This Month

On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-6635 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-6633 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-12846 MEDIUM This Month

A user without the required permissions could gain access to some JetBrains TeamCity settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.0
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy