Skip to main content
CVE-2019-13456 MEDIUM POC PATCH This Month

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeradius Enterprise Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-19460 MEDIUM POC This Month

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Proaccess Space
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-19457 MEDIUM POC This Month

SALTO ProAccess SPACE 5.4.3.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Proaccess Space
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-19532 MEDIUM PATCH This Month

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Microsoft Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-19531 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-19527 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-3666 MEDIUM This Month

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webadvisor
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-3665 MEDIUM This Month

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Webadvisor
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-19529 MEDIUM PATCH This Month

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2019-19528 MEDIUM PATCH This Month

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-3750 MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-3749 MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18993 MEDIUM PATCH This Month

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

TP-Link XSS Openwrt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-18992 MEDIUM PATCH This Month

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

TP-Link XSS Openwrt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-4468 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4467 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4226 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4098 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-18574 MEDIUM This Month

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager Authentication Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19536 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Leap
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19535 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19530 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19526 MEDIUM PATCH This Month

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19525 MEDIUM PATCH This Month

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19524 MEDIUM PATCH This Month

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-19523 MEDIUM PATCH This Month

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-3990 MEDIUM PATCH This Month

A User Enumeration flaw exists in Harbor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-19537 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Race Condition Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy