Skip to main content
CVE-2019-19388 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19387 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19386 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19385 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19384 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14865 MEDIUM This Month

A flaw was found in the grub2-set-bootflag utility of grub2. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2019-5211 MEDIUM This Month

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P20 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2019-19451 MEDIUM This Month

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Dia Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-5247 MEDIUM This Month

Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Atlas 300 Firmware Atlas 500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5263 MEDIUM This Month

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hisuite Hwbackup
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-5227 MEDIUM This Month

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P30 Firmware P30 Pro Firmware Mate 20 Firmware Hisuite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5224 MEDIUM This Month

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure P30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-5212 MEDIUM This Month

There is an improper access control vulnerability in Huawei Share. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P20 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-5226 MEDIUM This Month

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P30 Firmware P30 Pro Firmware Mate 20 Firmware Hisuite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5271 MEDIUM This Month

There is an information leak vulnerability in Huawei smart speaker Myna. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Myna Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2019-5309 MEDIUM This Month

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor Play Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy