Skip to main content
CVE-2019-5023 MEDIUM POC This Month

An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Grsecurity Pax
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-18644 MEDIUM POC This Month

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-18645 MEDIUM POC This Month

The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-16907 MEDIUM POC This Month

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian In App Desktop Notifications
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-14356 MEDIUM POC PATCH This Month

On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Coldcard Mk1 Firmware Coldcard Mk2 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-16295 MEDIUM POC This Month

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-5095 MEDIUM POC This Month

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Information Disclosure Tempo
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-18424 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Xen Debian Linux Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-18229 MEDIUM This Month

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wise Paas Rmm
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2019-18420 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-18656 MEDIUM PATCH This Month

Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-17551 MEDIUM This Month

In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wholesale Floorplanning Finance
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-3419 MEDIUM This Month

A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Denial Of Service Zxmp M721 Dx Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-18657 MEDIUM PATCH This Month

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Clickhouse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-18369 MEDIUM This Month

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18367 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-18366 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18363 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18362 MEDIUM This Month

JetBrains MPS before 2019.2.2 exposed listening ports to the network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mps
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18361 MEDIUM This Month

JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-18360 MEDIUM This Month

In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-16251 MEDIUM This Month

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Yith Woocommerce Wishlist Yith Woocommerce Compare +36
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-18365 MEDIUM This Month

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy