Skip to main content
CVE-2019-13140 MEDIUM POC This Month

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Eg200 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-16352 MEDIUM POC This Month

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16351 MEDIUM POC This Month

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16350 MEDIUM POC This Month

ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16348 MEDIUM POC This Month

marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libwav
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-8368 MEDIUM POC THREAT This Month

OpenEMR v5.0.1-6 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openemr
NVD
CVSS 3.1
6.1
EPSS
46.9%
CVE-2019-15950 MEDIUM POC This Month

The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16197 MEDIUM POC PATCH This Month

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2019-16370 MEDIUM POC PATCH This Month

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gradle
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-16355 MEDIUM POC PATCH This Month

The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Beego
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-16349 MEDIUM POC This Month

Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-11166 MEDIUM PATCH This Month

Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Intel Easy Streaming Wizard
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-15737 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-15739 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-15724 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-15721 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-15740 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-15738 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-15732 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-15731 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-15727 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-15726 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-15723 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-11184 MEDIUM This Month

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Rated medium severity (CVSS 4.8). No vendor patch available.

Race Condition Intel Information Disclosure 6138 Firmware 6130T Firmware +240
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-16354 MEDIUM PATCH This Month

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Beego
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2019-15734 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-15733 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy