Skip to main content
CVE-2019-17108 MEDIUM POC PATCH This Month

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Centreon Web
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-10756 MEDIUM POC PATCH This Month

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node Red Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16417 MEDIUM POC This Month

HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrworks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16416 MEDIUM POC This Month

HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrworks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-17271 MEDIUM POC PATCH This Month

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Vbulletin
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2019-10963 MEDIUM POC This Month

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edr 810 Firmware
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
6.3%
CVE-2019-17343 MEDIUM This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-0370 MEDIUM This Month

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Financial Consolidation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-17106 MEDIUM PATCH This Month

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-17348 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-17345 MEDIUM This Month

An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-17344 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-17351 MEDIUM PATCH This Month

An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Xen Linux Kernel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-10215 MEDIUM PATCH This Month

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bootstrap 3 Typeahead
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-0381 MEDIUM This Month

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure SAP Dynamic Tier Sap Iq +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-17257 MEDIUM This Month

IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-17349 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-17350 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Xen Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-0378 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-0377 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-0376 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-0375 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-0374 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-0369 MEDIUM This Month

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Financial Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-0368 MEDIUM This Month

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Customer Relationship Management Bbpcrm Customer Relationship Management S4Crm
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-0379 MEDIUM This Month

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Process Integration
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-14845 MEDIUM This Month

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openshift
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-17105 MEDIUM PATCH This Month

The token generator in index.php in Centreon Web before 2.8.27 is predictable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-0380 MEDIUM This Month

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Landscape Management
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2019-0367 MEDIUM This Month

SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Process Integration
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy