Skip to main content
CVE-2019-13959 MEDIUM POC This Month

In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-13607 MEDIUM POC This Month

The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Mini
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13643 MEDIUM POC This Month

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-13960 MEDIUM POC This Month

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg Turbo
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-1010069 MEDIUM POC This Month

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Abcm2Ps Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-13950 MEDIUM POC This Month

index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Syguestbook A5
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-13948 MEDIUM POC This Month

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Syguestbook A5
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-13647 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13646 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13645 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13644 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-1010252 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-1010250 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-1010249 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Integer Overflow Buffer Overflow Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-11230 MEDIUM POC This Month

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD
CVSS 3.0
4.4
EPSS
0.5%
CVE-2019-3592 MEDIUM This Month

Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Agent
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2019-7963 MEDIUM PATCH This Month

Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Adobe Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
2.9%
CVE-2019-7953 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe CSRF Experience Manager
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2019-1010065 MEDIUM PATCH This Month

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow The Sleuth Kit Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-7955 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-7954 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-1010261 MEDIUM PATCH This Month

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gitea
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9230 MEDIUM This Month

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediant 500L Msbr Firmware Mediant 500 Mbsr Firmware Mediant M800B Msbr Firmware Mediant 800C Msbr Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-3794 MEDIUM This Month

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-8286 MEDIUM This Month

Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Anti Virus Free Anti Virus Internet Security Small Office Security +1
NVD
CVSS 3.0
4.3
EPSS
2.2%
CVE-2019-3734 MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy