CVE-2019-10753

CVSS v3 Score: 5.9 (Medium)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (HTTP). If the build occurred over an insecure connection, a malicious user could have performed a Man-in-the-Middle attack during the build and altered the build artifacts that were produced. If any of these artifacts were compromised, any developers using them could be affected.

**Note:** To validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were tampered with. Until this happens, we cannot guarantee that this artifact was not compromised, even though the probability that this happened is low.

CVSS:6.0(Medium)

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business...

CVSS:6.5(Medium)

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed trans...

CVSS:6.5(Medium)

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

CVSS:5.3(Medium)

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

CVSS:5.3(Medium)

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify di...

CVSS:5.3(Medium)

Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even whe...