Skip to main content
CVE-2019-3967 MEDIUM POC THREAT This Month

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openemr
NVD
CVSS 3.0
6.5
EPSS
30.3%
CVE-2019-3966 MEDIUM POC This Month

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Openemr
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3965 MEDIUM POC This Month

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Openemr
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3964 MEDIUM POC THREAT This Month

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Openemr
NVD
CVSS 3.0
6.1
EPSS
53.5%
CVE-2019-3963 MEDIUM POC THREAT This Month

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Openemr
NVD
CVSS 3.0
6.1
EPSS
53.7%
CVE-2019-15233 MEDIUM POC This Month

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Live Input Macros
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-15227 MEDIUM POC This Month

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flightpath
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11522 MEDIUM POC This Month

OX App Suite 7.10.0 to 7.10.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-15228 MEDIUM POC This Month

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fuel Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-5034 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nest Cam Iq Indoor Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-14430 MEDIUM POC PATCH This Month

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Youphptube
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
3.0%
CVE-2019-15291 MEDIUM POC This Month

An issue was discovered in the Linux kernel through 5.2.9. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
4.6
EPSS
0.7%
CVE-2019-8040 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2019-4167 MEDIUM This Month

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Storediq
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-2129 MEDIUM This Month

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-3753 MEDIUM This Month

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerconnect 8024 Firmware Emc Powerconnect 7000 Firmware Emc Powerconnect M6348 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-8027 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
6.3
EPSS
2.3%
CVE-2019-4420 MEDIUM This Month

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2019-15082 MEDIUM This Month

The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress 360 Product Rotation
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-4425 MEDIUM This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2019-2137 MEDIUM This Month

In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2136 MEDIUM This Month

In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2135 MEDIUM This Month

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-4049 MEDIUM PATCH This Month

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4482 MEDIUM This Month

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4120 MEDIUM This Month

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Private
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-8097 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-4437 MEDIUM This Month

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-8059 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
4.3
EPSS
3.2%
CVE-2019-8058 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
4.3
EPSS
3.2%
CVE-2019-8056 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
4.3
EPSS
3.2%
CVE-2019-8054 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2019-8053 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2019-8052 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2019-8051 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
4.3
EPSS
3.2%
CVE-2019-8037 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2019-8035 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
4.3
EPSS
2.6%
CVE-2019-4485 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4484 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4308 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy