Skip to main content
CVE-2019-14372 MEDIUM POC This Month

In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-14371 MEDIUM POC This Month

An issue was discovered in Libav 12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-14370 MEDIUM POC This Month

In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Exiv2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-14369 MEDIUM POC This Month

Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Exiv2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-14350 MEDIUM POC This Month

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-14349 MEDIUM POC This Month

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-14331 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-14330 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-14329 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-14315 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kcfinder
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-14362 MEDIUM POC This Month

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openbravo Erp
NVD
CVSS 3.0
5.4
EPSS
2.1%
CVE-2019-14364 MEDIUM This Month

An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Email Subscribers Newsletters
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy