Skip to main content
CVE-2019-18219 MEDIUM This Month

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Sitemagic
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-12415 MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-11282 MEDIUM This Month

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment Cloud Foundry Uaa
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-18281 MEDIUM PATCH This Month

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qtbase Debian Linux
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-10474 MEDIUM This Month

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Global Post Script
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10473 MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10465 MEDIUM This Month

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Oracle Deploy Weblogic
NVD
CVSS 3.1
4.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy