Skip to main content
CVE-2019-13066 MEDIUM POC This Month

Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Sahi Pro
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-10743 MEDIUM POC PATCH This Month

All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Archiver
NVD GitHub
CVSS 3.1
5.5
EPSS
6.6%
CVE-2019-9758 MEDIUM POC This Month

An issue was discovered in LabKey Server 19.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Labkey Server
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-6846 MEDIUM This Month

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-18611 MEDIUM PATCH This Month

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Checkuser
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-4306 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-18603 MEDIUM This Month

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2019-4309 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4307 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18612 MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-4600 MEDIUM This Month

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-4311 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-6847 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6844 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6843 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6842 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6841 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
24.4%
CVE-2019-5533 MEDIUM This Month

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware Sd Wan By Velocloud
NVD
CVSS 3.1
4.3
EPSS
17.9%
CVE-2019-4330 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-4329 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy