Skip to main content
CVE-2019-7484 MEDIUM This Month

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-15006 MEDIUM PATCH This Month

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Confluence Confluence Server
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-19910 MEDIUM PATCH This Month

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18955 MEDIUM This Month

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-19341 MEDIUM This Month

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-19342 MEDIUM This Month

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18615 MEDIUM This Month

In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloudvision Portal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2019-19903 MEDIUM This Month

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19901 MEDIUM This Month

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19900 MEDIUM This Month

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-11294 MEDIUM This Month

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy