Skip to main content
CVE-2019-5469 MEDIUM POC This Month

An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-15591 MEDIUM POC This Month

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-15580 MEDIUM POC This Month

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19888 MEDIUM POC This Month

jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19887 MEDIUM POC This Month

bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19833 MEDIUM POC THREAT This Month

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tautulli
NVD GitHub
CVSS 3.1
6.5
EPSS
14.7%
CVE-2019-19829 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Serv U Ftp Server
NVD
CVSS 3.1
5.4
EPSS
2.3%
CVE-2019-5487 MEDIUM POC This Month

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Elastic Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-5073 MEDIUM POC This Month

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pfc 200 Firmware Pfc 100 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-19742 MEDIUM POC THREAT This Month

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
19.8%
CVE-2019-15577 MEDIUM POC This Month

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-11086 MEDIUM This Month

Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Active Management Technology Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-8760 MEDIUM This Month

This issue was addressed by improving Face ID machine learning models. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Iphone Os
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-11110 MEDIUM This Month

Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11108 MEDIUM This Month

Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security Management Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11106 MEDIUM This Month

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-11105 MEDIUM This Month

Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Information Disclosure Converged Security Management Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-11087 MEDIUM This Month

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Converged Security Management Engine Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-18994 MEDIUM This Month

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Abb Pb610 Panel Builder 600
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-8654 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-8632 MEDIUM This Month

Some analytics data was sent using HTTP rather than HTTPS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Texture
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-8626 MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Iphone Os Watchos
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-8615 MEDIUM This Month

Multiple memory corruption issues were addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Microsoft Apple RCE +6
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-8607 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Information Disclosure Icloud +6
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-8597 MEDIUM This Month

Multiple memory corruption issues were addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +7
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-8554 MEDIUM This Month

A permissions issue existed in the handling of motion and orientation data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-8517 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Iphone Os Mac Os X +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-8515 MEDIUM This Month

A cross-origin issue existed with the fetch API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Icloud Itunes +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-7292 MEDIUM This Month

A validation issue was addressed with improved logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Icloud Itunes +4
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-8608 MEDIUM This Month

Multiple memory corruption issues were addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +7
NVD
CVSS 3.1
6.3
EPSS
1.5%
CVE-2019-18781 MEDIUM This Month

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Open Redirect Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-8813 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-8791 MEDIUM This Month

An issue existed in the parsing of URL schemes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Open Redirect Shazam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-8764 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Watchos Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8719 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud Itunes Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-8690 MEDIUM POC This Month

A logic issue existed in the handling of document loads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +4
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.5%
CVE-2019-8674 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8658 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-8649 MEDIUM POC This Month

A logic issue existed in the handling of synchronous page loads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +4
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.5%
CVE-2019-8625 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud Itunes Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-8551 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +3
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-8505 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-6204 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-11992 MEDIUM This Month

A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware Oneview For Vmware Vcenter
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-19775 MEDIUM PATCH This Month

The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Zulip Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-11090 MEDIUM This Month

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Intel Information Disclosure Platform Trust Technology Firmware Server Platform Services Firmware +1
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2019-16782 MEDIUM PATCH This Month

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Rack Fedora Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
3.7%
CVE-2019-10482 MEDIUM This Month

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +46
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-8804 MEDIUM This Month

An inconsistency in Wi-Fi network configuration settings was addressed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2019-8512 MEDIUM This Month

This issue was addressed with improved transparency. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Iphone Os
NVD
CVSS 3.1
5.7
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy