Skip to main content
CVE-2019-15095 MEDIUM POC This Month

DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dwsurvey
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15119 MEDIUM POC PATCH This Month

lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nps
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-15120 MEDIUM POC This Month

The Kunena extension before 5.1.14 for Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kunena
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2019-15090 MEDIUM PATCH This Month

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-15116 MEDIUM This Month

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Digital Downloads
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-15118 MEDIUM PATCH This Month

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-15108 MEDIUM PATCH This Month

An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Api Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-15098 MEDIUM This Month

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Active Iq Performance Analytics Services +6
NVD
CVSS 3.1
4.6
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy