Skip to main content
CVE-2019-1010266 MEDIUM POC PATCH This Month

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lodash
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2019-13626 MEDIUM POC This Month

SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsdl Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-10352 MEDIUM POC PATCH THREAT This Month

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jenkins
NVD
CVSS 3.0
6.5
EPSS
10.2%
CVE-2019-1943 MEDIUM POC THREAT This Month

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +54
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
10.5%
CVE-2019-1010287 MEDIUM POC PATCH This Month

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Timesheet Next Gen
NVD
CVSS 3.0
6.1
EPSS
4.3%
CVE-2019-13346 MEDIUM POC This Month

In MyT 1.5.1, the User[username] parameter has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Myt
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2019-1010091 MEDIUM POC PATCH This Month

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2019-3973 MEDIUM POC This Month

Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3972 MEDIUM POC This Month

Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "<GUID>_CisSharedMemBuff". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3971 MEDIUM POC This Month

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3970 MEDIUM POC This Month

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13493 MEDIUM POC This Month

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Experience Platform
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-13584 MEDIUM POC This Month

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Robotics Virtual Robot Controller
NVD
CVSS 3.0
5.3
EPSS
3.4%
CVE-2019-13631 MEDIUM PATCH This Month

In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2019-1923 MEDIUM This Month

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Spa501G Firmware Spa502G Firmware Spa504G Firmware +7
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2019-1942 MEDIUM This Month

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Identity Services Engine
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-13453 MEDIUM PATCH This Month

Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zipios
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-1010084 MEDIUM PATCH This Month

Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1941 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13448 MEDIUM This Month

An issue was discovered in Sertek Xpare 3.67. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xpare
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12475 MEDIUM This Month

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microstrategy Web
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1940 MEDIUM This Month

A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Industrial Network Director
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-13636 MEDIUM PATCH This Month

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Patch
NVD GitHub
CVSS 3.0
5.9
EPSS
3.9%
CVE-2019-5222 MEDIUM This Month

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor Magic 2 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-12913 MEDIUM This Month

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-12912 MEDIUM This Month

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-4211 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10354 MEDIUM PATCH This Month

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Container Platform
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2019-4194 MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-9849 MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Ubuntu Linux Fedora Debian Linux +1
NVD
CVSS 3.1
4.3
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy