Skip to main content
CVE-2019-13239 MEDIUM POC PATCH This Month

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Glpi
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13291 MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2019-13288 MEDIUM POC This Month

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
4.6%
CVE-2019-13287 MEDIUM POC This Month

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-13286 MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-1890 MEDIUM This Month

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1884 MEDIUM This Month

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asyncos Web Security Appliance
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-13229 MEDIUM PATCH This Month

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Deepin Clone
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13227 MEDIUM PATCH This Month

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Deepin Clone
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13228 MEDIUM PATCH This Month

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. Rated medium severity (CVSS 4.7).

Privilege Escalation Deepin Clone
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy