Skip to main content
CVE-2019-14664 MEDIUM POC This Month

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enigmail Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14667 MEDIUM POC PATCH This Month

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-14665 MEDIUM POC This Month

Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Brandy
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-14663 MEDIUM POC This Month

Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Brandy
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-14662 MEDIUM POC This Month

Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Brandy
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-14672 MEDIUM POC PATCH This Month

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-14670 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14669 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14668 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14550 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14549 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14548 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14547 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14546 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-3717 MEDIUM This Month

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Chengming 3967 Firmware Chengming 3977 Firmware Chengming 3980 Firmware +238
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-4261 MEDIUM PATCH This Month

IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Websphere Mq
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-11198 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cms
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-14525 MEDIUM This Month

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy Octopus Server
NVD GitHub
CVSS 3.0
4.9
EPSS
1.5%
CVE-2019-4284 MEDIUM This Month

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy