Skip to main content
CVE-2019-12586 MEDIUM POC This Month

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Arduino Esp32 Esp Idf Esp8266 Nonos Sdk
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-12588 MEDIUM POC This Month

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Arduino Esp8266 Esp8266 Nonos Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14470 MEDIUM POC THREAT This Month

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Instagram Php Api User Pro
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
83.0%
CVE-2019-15902 MEDIUM POC This Month

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Active Iq Performance Analytics Services Service Processor +3
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2019-15924 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Intel Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-15923 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-15922 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-15814 MEDIUM POC This Month

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sentrifugo
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-15921 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.6. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Leap
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-15718 MEDIUM POC PATCH This Month

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora Openshift Container Platform Enterprise Linux +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-15920 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-14319 MEDIUM This Month

The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Tiktok
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-13975 MEDIUM This Month

eGain Chat 15.0.3 allows HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chat
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13209 MEDIUM PATCH This Month

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kubernetes Rancher
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-6647 MEDIUM This Month

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-6648 MEDIUM This Month

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Container Ingress Service Openshift
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy