Skip to main content
CVE-2019-14721 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webpanel
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-16202 MEDIUM PATCH This Month

MISP before 2.4.115 allows privilege escalation in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Misp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-0357 MEDIUM This Month

The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Hana
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-12942 MEDIUM This Month

TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ttlock
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-11464 MEDIUM This Month

Some enterprises require that REST API endpoints include security-related headers in REST responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Couchbase Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-0361 MEDIUM This Month

SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-14726 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-12996 MEDIUM This Month

In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mendix
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-11466 MEDIUM This Month

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-1549 MEDIUM This Month

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
6.2%
CVE-2019-11465 MEDIUM This Month

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-5503 MEDIUM This Month

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Workflow Automation
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-1547 MEDIUM This Month

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. Rated medium severity (CVSS 4.7). No vendor patch available.

OpenSSL Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
1.2%
CVE-2019-0364 MEDIUM This Month

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Extended Application Services
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-0356 MEDIUM This Month

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-14730 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14729 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14728 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14727 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14723 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14722 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy