Skip to main content
CVE-2019-16242 MEDIUM POC This Month

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cingular Flip 2 Firmware
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2019-16241 MEDIUM POC This Month

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Cingular Flip 2 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-15276 MEDIUM POC THREAT This Month

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
46.3%
CVE-2019-16243 MEDIUM POC This Month

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cingular Flip 2 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-19306 MEDIUM POC This Month

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho WordPress Lead Magnet
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-16388 MEDIUM POC This Month

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-16386 MEDIUM POC This Month

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-15997 MEDIUM This Month

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Dna Spaces
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-15996 MEDIUM This Month

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Dna Spaces
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-15986 MEDIUM This Month

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unity Express
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-18448 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-15845 MEDIUM This Month

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruby Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2019-15687 MEDIUM This Month

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Anti Virus Internet Security Security Cloud +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14856 MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle Leap Openstack
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-16002 MEDIUM This Month

A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Sd Wan Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-15995 MEDIUM This Month

A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Dna Spaces
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-18241 MEDIUM This Month

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellibridge Ec40 Firmware Intellibridge Ec80 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-16195 MEDIUM PATCH This Month

Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Centreon
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-18677 MEDIUM PATCH This Month

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Squid Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
7.2%
CVE-2019-18454 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18451 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-19129 MEDIUM This Month

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aurora Webmail Pro
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15688 MEDIUM This Month

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Open Redirect Anti Virus Internet Security Security Cloud +2
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-14857 MEDIUM PATCH This Month

A flaw was found in mod_auth_openidc before version 2.4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Openidc
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-15994 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Stealthwatch Enterprise
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15973 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Industrial Network Director Network Level Service
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-14449 MEDIUM This Month

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cloudera Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-19206 MEDIUM This Month

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-15968 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Hosted Collaboration Solution Unified Communications Domain Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-15960 MEDIUM This Month

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex Meetings
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-16254 MEDIUM This Month

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ruby Debian Linux
NVD
CVSS 3.1
5.3
EPSS
4.6%
CVE-2019-18678 MEDIUM PATCH This Month

An issue was discovered in Squid 3.x and 4.x through 4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Squid Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.3
EPSS
10.9%
CVE-2019-18456 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18452 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18459 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-16001 MEDIUM This Month

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Webex Teams
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-15998 MEDIUM This Month

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xr
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-15990 MEDIUM This Month

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv016 Multi Wan Vpn Firmware Rv042 Dual Wan Vpn Firmware Rv042G Dual Gigabit Wan Vpn Firmware +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-15988 MEDIUM This Month

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-15987 MEDIUM This Month

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Webex Meetings Online Webex Meetings Server Webex Event Center +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-15967 MEDIUM This Month

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-18453 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-18450 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-18449 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-18447 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-18446 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-15686 MEDIUM This Month

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Anti Virus Internet Security Security Cloud +2
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-15685 MEDIUM This Month

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Anti Virus Internet Security Security Cloud +2
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-18463 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition through 12.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-18462 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy