Skip to main content
CVE-2019-1245 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
12.9%
CVE-2019-1244 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
12.1%
CVE-2019-8451 MEDIUM POC THREAT This Month

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian SSRF Jira Server
NVD
CVSS 3.1
6.5
EPSS
94.5%
CVE-2019-14998 MEDIUM POC This Month

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian CSRF Jira Server
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-16222 MEDIUM POC PATCH This Month

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-16214 MEDIUM POC PATCH This Month

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Libra Core
NVD GitHub
CVSS 3.1
5.7
EPSS
1.3%
CVE-2019-16248 MEDIUM POC This Month

The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Telegram
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-16223 MEDIUM POC This Month

WordPress before 5.2.3 allows XSS in post previews by authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Debian Linux
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
5.2%
CVE-2019-14936 MEDIUM POC This Month

Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Appointments
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-8449 MEDIUM POC THREAT This Month

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Information Disclosure Jira
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
84.8%
CVE-2019-14995 MEDIUM POC This Month

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Jira Server
NVD
CVSS 3.1
5.3
EPSS
3.0%
CVE-2019-16232 MEDIUM POC This Month

drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux +2
NVD
CVSS 3.1
4.1
EPSS
0.6%
CVE-2019-1299 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.5
EPSS
5.8%
CVE-2019-1286 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.8%
CVE-2019-1260 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-1252 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
61.3%
CVE-2019-1209 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Lync
NVD
CVSS 3.1
6.5
EPSS
6.2%
CVE-2019-15302 MEDIUM PATCH This Month

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cryptpad
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-0928 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.1
6.2
EPSS
1.7%
CVE-2019-1266 MEDIUM PATCH This Month

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Exchange Server
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-10073 MEDIUM This Month

The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 3.1
6.1
EPSS
5.2%
CVE-2019-16221 MEDIUM This Month

WordPress before 5.2.3 allows reflected XSS in the dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-16220 MEDIUM PATCH This Month

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Open Redirect Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-16219 MEDIUM This Month

WordPress before 5.2.3 allows XSS in shortcode previews. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2019-16218 MEDIUM This Month

WordPress before 5.2.3 allows XSS in stored comments. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-16217 MEDIUM PATCH This Month

WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-14996 MEDIUM This Month

The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Server
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-1231 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Project Rome
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2019-1293 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2019-1289 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-1283 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-1282 MEDIUM PATCH This Month

An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-1274 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-1270 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-1263 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Excel Office Office 365 Proplus
NVD
CVSS 3.1
5.5
EPSS
7.8%
CVE-2019-1254 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-1251 MEDIUM PATCH This Month

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-1219 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-1216 MEDIUM PATCH This Month

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-1142 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Net Framework
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-1305 MEDIUM PATCH This Month

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Team Foundation Server Azure Devops Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2019-1273 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2019-1262 MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Foundation
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.0%
CVE-2019-3761 MEDIUM This Month

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Identity Governance And Lifecycle Rsa Via Lifecycle And Governance
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-16193 MEDIUM This Month

In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16249 MEDIUM PATCH This Month

OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Opencv
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-1292 MEDIUM PATCH This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
4.9
EPSS
5.1%
CVE-2019-9488 MEDIUM PATCH This Month

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Trend Micro Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-8450 MEDIUM This Month

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Server
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2019-16230 MEDIUM PATCH This Month

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy