Skip to main content
CVE-2019-12758 MEDIUM POC This Month

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Endpoint Protection
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-16762 MEDIUM POC PATCH This Month

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Information Disclosure Slpjs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-14343 MEDIUM POC PATCH This Month

TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Tematres
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-6662 MEDIUM This Month

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-16761 MEDIUM PATCH This Month

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Slp Validate
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-18982 MEDIUM PATCH This Month

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6663 MEDIUM This Month

The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +12
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-18987 MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy