Skip to main content
CVE-2019-10930 HIGH This Week

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Digsi 5 Engineering Software Siprotec 5 Digsi Device Driver
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-4193 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-0052 HIGH PATCH This Week

The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-0049 HIGH PATCH This Week

On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-10935 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Simatic Pcs 7 Simatic Wincc Simatic Wincc Runtime
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-10193 HIGH PATCH This Week

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Redis Buffer Overflow Stack Overflow Openstack Enterprise Linux +6
NVD
CVSS 3.1
7.2
EPSS
23.7%
CVE-2019-10192 HIGH PATCH This Week

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Redis Buffer Overflow Heap Overflow Openstack Software Collections +7
NVD
CVSS 3.1
7.2
EPSS
26.0%
CVE-2019-10135 HIGH PATCH This Week

A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Osbs Client
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-0046 MEDIUM PATCH This Month

A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-10341 MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-10933 MEDIUM This Month

A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spectrum Power 3 Spectrum Power 4 Spectrum Power 5 Spectrum Power 7
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1010314 MEDIUM PATCH This Month

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitea
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13506 MEDIUM PATCH This Month

@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nuxt Devalue Nuxt Js
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-10346 MEDIUM PATCH This Month

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Embeddable Build Status
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-12529 MEDIUM PATCH This Month

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Squid Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
8.1%
CVE-2019-0048 MEDIUM PATCH This Month

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2019-3415 MEDIUM This Month

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Path Traversal Zxmw Nr8000 Firmware
NVD
CVSS 3.0
5.7
EPSS
0.9%
CVE-2019-10194 MEDIUM This Month

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ovirt Virtualization Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-3889 MEDIUM This Month

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openshift Container Platform
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-5528 MEDIUM PATCH This Month

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service VMware ESXi
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-4131 MEDIUM PATCH This Month

IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Application Performance Management
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-4118 MEDIUM PATCH This Month

IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Multicloud Manager
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-4263 MEDIUM This Month

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-11268 MEDIUM This Month

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-10342 MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
CVSS 3.1
4.3
EPSS
1.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy