Skip to main content
CVE-2019-15935 MEDIUM POC This Month

Intesync Solismed 3.3sp has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solismed
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-19748 MEDIUM POC This Month

The Work Time Calendar app before 4.7.1 for Jira allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Work Time Calendar
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-17428 MEDIUM POC This Month

An issue was discovered in Intesync Solismed 3.3sp1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Solismed
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-19767 MEDIUM POC PATCH This Month

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
2.1%
CVE-2019-19746 MEDIUM POC This Month

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Fig2Dev Fedora
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-19198 MEDIUM POC This Month

The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Kalender
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2019-7004 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft RCE Ip Office Application Server
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.2%
CVE-2019-15930 MEDIUM POC This Month

Intesync Solismed 3.3sp allows Clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solismed
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-13945 MEDIUM This Month

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 1200 Firmware S7 200 Smart Firmware Simatic S7 200 Smart Cpu St20 Firmware Simatic S7 200 Smart Cpu St30 Firmware +12
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-19769 MEDIUM This Month

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
6.7
EPSS
1.3%
CVE-2019-5062 MEDIUM This Month

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hostapd
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-5061 MEDIUM This Month

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hostapd
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10695 MEDIUM This Month

When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Continuous Delivery
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-13943 MEDIUM This Month

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS En100 Ethernet Module With Firmware Variant Dnp3 Tcp En100 Ethernet Module With Firmware Variant Iec 61850 En100 Ethernet Module With Firmware Variant Iec104 En100 Ethernet Module With Firmware Variant Modbus Tcp +1
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-18285 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sppa T3000 Application Server
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-18340 MEDIUM This Month

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10618 MEDIUM This Month

Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Qca6390 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10545 MEDIUM PATCH This Month

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qualcomm Qcs605 Firmware Sdm670 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10520 MEDIUM PATCH This Month

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice &. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Qcs405 Firmware Sd 210 Firmware Sd 212 Firmware +10
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10484 MEDIUM This Month

Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm Memory Corruption Apq8098 Firmware +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-13931 MEDIUM This Month

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xhq
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-14849 MEDIUM This Month

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Scale
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-18341 MEDIUM This Month

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-18335 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-18334 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-18333 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-18332 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-18331 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-18312 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18287 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-18286 MEDIUM This Month

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Application Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-13944 MEDIUM This Month

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure En100 Ethernet Module With Firmware Variant Dnp3 Tcp En100 Ethernet Module With Firmware Variant Iec 61850 En100 Ethernet Module With Firmware Variant Iec104 En100 Ethernet Module With Firmware Variant Modbus Tcp +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-13927 MEDIUM This Month

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions <. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pxc00 E D Firmware Pxc50 E D Firmware Pxc100 E D Firmware Pxc200 E D Firmware +12
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-13947 MEDIUM This Month

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy