Skip to main content
CVE-2019-5455 MEDIUM POC This Month

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Nextcloud
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-5450 MEDIUM POC This Month

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nextcloud Google
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-14443 MEDIUM POC This Month

An issue was discovered in Libav 12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14442 MEDIUM POC This Month

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14441 MEDIUM POC This Month

An issue was discovered in Libav 12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-5453 MEDIUM POC This Month

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Nextcloud
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-14318 MEDIUM POC PATCH This Month

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.0
5.9
EPSS
3.2%
CVE-2019-5460 MEDIUM POC This Month

Double Free in VLC versions <= 3.0.6 leads to a crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vlc Media Player Backports Leap
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2019-14444 MEDIUM POC This Month

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils Leap Ubuntu Linux +2
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-5458 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http File Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5457 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Min Http Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-14242 MEDIUM This Month

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Microsoft Antivirus Plus Endpoint Security Tool Internet Security +1
NVD
CVSS 3.0
6.7
EPSS
0.6%
CVE-2019-14383 MEDIUM PATCH This Month

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt Leap
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-14382 MEDIUM PATCH This Month

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14380 MEDIUM PATCH This Month

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libopenmpt Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10129 MEDIUM This Month

A vulnerability was found in postgresql versions 11.x prior to 11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-14327 MEDIUM This Month

A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Custom Simple Rss
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-14406 MEDIUM This Month

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-14387 MEDIUM This Month

cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7614 MEDIUM PATCH This Month

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-14409 MEDIUM This Month

cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-14404 MEDIUM This Month

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-14394 MEDIUM This Month

cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-10156 MEDIUM PATCH This Month

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Openstack Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.8%
CVE-2019-4285 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-14390 MEDIUM This Month

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-14386 MEDIUM This Month

cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tomcat Cpanel
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-14411 MEDIUM This Month

cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-14397 MEDIUM This Month

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-14393 MEDIUM This Month

cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2019-10153 MEDIUM PATCH This Month

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fence Agents Enterprise Linux Enterprise Linux Server Enterprise Linux Workstation
NVD GitHub
CVSS 3.1
5.0
EPSS
2.2%
CVE-2019-7616 MEDIUM This Month

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2019-5451 MEDIUM This Month

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Nextcloud Nextcloud Server
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-10163 MEDIUM PATCH This Month

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Authoritative Backports Leap
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-5449 MEDIUM This Month

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextcloud Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-10130 MEDIUM This Month

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL Leap
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-14413 MEDIUM This Month

cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-14408 MEDIUM This Month

cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-14403 MEDIUM This Month

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cpanel
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy