Skip to main content
CVE-2019-14464 MEDIUM POC This Month

XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Milkytracker Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-5020 MEDIUM POC This Month

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yara
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-14456 MEDIUM POC This Month

Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opengear
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-3958 MEDIUM POC This Month

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallacepos
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-10198 MEDIUM PATCH This Month

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman Tasks Satellite
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-10182 MEDIUM PATCH This Month

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2019-10366 MEDIUM PATCH This Month

Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skytap Cloud Ci
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10358 MEDIUM PATCH This Month

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Maven
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10359 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF M2Release
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2019-7000 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Aura Conferencing
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10364 MEDIUM PATCH This Month

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ec2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10361 MEDIUM PATCH This Month

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure M2Release
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-10345 MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10362 MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10360 MEDIUM PATCH This Month

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins M2 Release
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10363 MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2019-10189 MEDIUM PATCH This Month

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-10188 MEDIUM PATCH This Month

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-10187 MEDIUM PATCH This Month

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-4163 MEDIUM This Month

IBM StoreIQ 7.6.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Storediq
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-10365 MEDIUM PATCH This Month

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Kubernetes Information Disclosure Kubernetes Engine
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2019-10357 MEDIUM PATCH This Month

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pipeline Openshift Container Platform
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-10344 MEDIUM PATCH This Month

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Configuration As Code
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy