Skip to main content
CVE-2019-16198 MEDIUM POC This Month

KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ksweb
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-16931 MEDIUM POC This Month

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Visualizer
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2019-15809 MEDIUM POC This Month

Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Atmel Toolbox Idprotect S A Idflex V Armored Card +1
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-13629 MEDIUM This Month

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Matrixssl
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2019-15165 MEDIUM PATCH This Month

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libpcap Debian Linux Leap Communications Operations Monitor +7
NVD GitHub
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-15164 MEDIUM PATCH This Month

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Libpcap
NVD GitHub
CVSS 3.1
5.3
EPSS
2.9%
CVE-2019-15162 MEDIUM PATCH This Month

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Libpcap
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-15161 MEDIUM PATCH This Month

rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libpcap
NVD GitHub
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-4441 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-13628 MEDIUM PATCH This Month

wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.1
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy