Skip to main content
CVE-2019-19221 MEDIUM POC PATCH This Month

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libarchive Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-19037 MEDIUM POC This Month

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
1.9%
CVE-2019-19039 MEDIUM POC This Month

__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-19036 MEDIUM POC This Month

btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-18890 MEDIUM This Month

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Redmine Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
4.3%
CVE-2019-6693 MEDIUM KEV THREAT This Month

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Information Disclosure Fortios
NVD
CVSS 3.1
6.5
EPSS
5.7%
CVE-2019-16545 MEDIUM PATCH This Month

Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Jenkins Qmetry For Jira
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16542 MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Anchore Container Image Scanner
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-16540 MEDIUM PATCH This Month

A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Support Core
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-16539 MEDIUM PATCH This Month

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Support Core
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-16546 MEDIUM PATCH This Month

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Google Google Compute Engine
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2019-2336 MEDIUM This Month

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qualcomm Memory Corruption Use After Free +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2318 MEDIUM This Month

Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8017 Firmware Apq8053 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2295 MEDIUM This Month

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +30
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-16543 MEDIUM PATCH This Month

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15704 MEDIUM This Month

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10535 MEDIUM PATCH This Month

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware +10
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10490 MEDIUM This Month

Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm Memory Corruption Apq8009 Firmware +37
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-18886 MEDIUM PATCH This Month

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symfony
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-16547 MEDIUM PATCH This Month

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Google Google Compute Engine
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy