Skip to main content
CVE-2019-18799 MEDIUM POC This Month

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-18798 MEDIUM POC This Month

LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-18797 MEDIUM POC This Month

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-5643 MEDIUM POC This Month

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Computing For Good S Basic Laboratory Information System
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-14847 MEDIUM POC This Month

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Privilege Escalation Denial Of Service Samba Fedora +1
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2019-8232 MEDIUM PATCH This Month

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Adobe Magento
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2019-16401 MEDIUM This Month

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Qualcomm Information Disclosure Samsung Galaxy S8 Plus Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16400 MEDIUM This Month

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Qualcomm Samsung Galaxy S8 Plus Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-12406 MEDIUM PATCH This Month

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Apache Cxf Commerce Guided Search Flexcube Private Banking +1
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2019-10504 MEDIUM This Month

Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Mdm9206 Firmware Mdm9607 Firmware Msm8909W Firmware +24
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-10218 MEDIUM This Month

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Fedora
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2019-8143 MEDIUM PATCH This Month

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Adobe Magento
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-8133 MEDIUM PATCH This Month

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Adobe Magento
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-13077 MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-12917 MEDIUM This Month

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8233 MEDIUM PATCH This Month

In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-8153 MEDIUM PATCH This Month

A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-2275 MEDIUM This Month

While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9205 Firmware Mdm9206 Firmware +40
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10515 MEDIUM PATCH This Month

DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Mdm9150 Firmware +38
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-18786 MEDIUM PATCH This Month

In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-13081 MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-13080 MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kace Systems Management Appliance
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-14833 MEDIUM PATCH This Month

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Fedora Leap
NVD
CVSS 3.1
5.4
EPSS
2.1%
CVE-2019-8157 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8145 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8132 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8152 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8147 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8146 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8142 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8139 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8138 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8131 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8129 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-8128 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-18674 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-8140 MEDIUM PATCH This Month

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Adobe Magento
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2019-8228 MEDIUM This Month

in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-8227 MEDIUM PATCH This Month

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-8148 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Magento
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy