Skip to main content
CVE-2019-17599 MEDIUM POC This Month

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Quiz And Survey Master
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-19794 MEDIUM POC PATCH This Month

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Miekg Dns
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2019-5278 MEDIUM This Month

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Campusinsight
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-5260 MEDIUM This Month

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Y9 2019 Firmware View 20 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-5290 MEDIUM This Month

Huawei S5700 and S6700 have a DoS security vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure S5700 Firmware S6700 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-16777 MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm Leap Graalvm +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-16775 MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Node.js Enterprise Linux Enterprise Linux Eus npm +3
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2019-14344 MEDIUM PATCH This Month

TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tematres
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-5253 MEDIUM This Month

E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass E5572 855 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-5291 MEDIUM This Month

Some Huawei products have an insufficient verification of data authenticity vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware Ar1200 S Firmware +15
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2019-5258 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Ap2000 Firmware Ips Firmware Ngfw Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5257 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Ap2000 Firmware Ips Firmware Ngfw Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5256 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Huawei Denial Of Service Ap2000 Firmware Ips Firmware +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5255 MEDIUM This Month

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Buffer Overflow Denial Of Service Information Disclosure Ap2000 Firmware +16
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5251 MEDIUM This Month

There is a path traversal vulnerability in several Huawei smartphones. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Information Disclosure Honor V10 Firmware P30 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-4426 MEDIUM This Month

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Case Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19722 MEDIUM This Month

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dovecot Fedora
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-5264 MEDIUM This Month

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 10 Firmware Mate 10 Pro Firmware Honor V10 Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy