Skip to main content
CVE-2019-19624 MEDIUM POC PATCH This Month

An out-of-bounds read was discovered in OpenCV before 4.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Opencv Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-19627 MEDIUM POC This Month

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sros2
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-19625 MEDIUM POC This Month

SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sros2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-2227 MEDIUM PATCH This Month

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-11293 MEDIUM This Month

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16771 MEDIUM PATCH This Month

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Armeria
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-16673 MEDIUM This Month

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16671 MEDIUM This Month

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ie Sw Pl09M 5Gc 4Gt Firmware Ie Sw Pl09Mt 5Gc 4Gt Firmware Ie Sw Pl18M 2Gc 16Tx Firmware Ie Sw Pl18Mt 2Gc 16Tx Firmware +36
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-19619 MEDIUM PATCH This Month

domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Documize
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-11554 MEDIUM This Month

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Denial Of Service Adobe Audible
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2019-9464 MEDIUM PATCH This Month

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-2229 MEDIUM PATCH This Month

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2019-2228 MEDIUM This Month

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2226 MEDIUM This Month

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2019-2220 MEDIUM This Month

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-1551 MEDIUM PATCH This Month

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Buffer Overflow Leap Enterprise Manager Ops Center +6
NVD
CVSS 3.1
5.3
EPSS
14.3%
CVE-2019-19552 MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Freepbx
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19551 MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Freepbx
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-2219 MEDIUM This Month

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Java Privilege Escalation Google Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2019-2231 MEDIUM PATCH This Month

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2019-19616 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Web Time And Expense
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy