Skip to main content
CVE-2019-17371 MEDIUM POC This Month

gif2png 2.5.13 has a memory leak in the writefile function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gif2Png
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-17369 MEDIUM POC This Month

OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Otcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-17368 MEDIUM POC This Month

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-11341 MEDIUM POC This Month

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-14808 MEDIUM This Month

An issue was discovered in the RENPHO application 3.0.0 for iOS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Renpho
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2019-17109 MEDIUM PATCH This Month

Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Koji
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-0067 MEDIUM This Month

Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-17402 MEDIUM This Month

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-17092 MEDIUM This Month

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openproject
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-17385 MEDIUM This Month

The animate-it plugin before 2.3.5 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Animate It
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17384 MEDIUM This Month

The animate-it plugin before 2.3.4 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Animate It
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17380 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17379 MEDIUM This Month

cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17378 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17377 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17376 MEDIUM This Month

cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-5506 MEDIUM This Month

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2019-6471 MEDIUM This Month

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +14
NVD
CVSS 3.1
5.9
EPSS
3.3%
CVE-2019-0074 MEDIUM This Month

A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Path Traversal Junos
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-0072 MEDIUM This Month

An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Sbr Carrier
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-0069 MEDIUM This Month

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5507 MEDIUM This Month

SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Snapmanager
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-3653 MEDIUM This Month

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-11212 MEDIUM This Month

The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Master Data Management
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-15021 MEDIUM This Month

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Inspector
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-6465 MEDIUM This Month

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 ->. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
3.7%
CVE-2019-3652 MEDIUM This Month

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2019-17112 MEDIUM This Month

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Information Disclosure Manageengine Datasecurity Plus
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-4512 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy