CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010298 119 Exec Code Overflow 2019-07-15 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
2 CVE-2019-1010297 119 Exec Code Overflow 2019-07-15 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
3 CVE-2019-1010296 119 Exec Code Overflow 2019-07-15 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
4 CVE-2019-1010260 284 Exec Code 2019-04-02 2019-04-04
9.3
None Remote Medium Not required Complete Complete Complete
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261.
5 CVE-2019-1010200 78 Exec Code 2019-07-23 2019-08-02
10.0
None Remote Low Not required Complete Complete Complete
Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as the servers. The component is: Two web servers in the projects expose three vulnerable endpoints that can be accessed remotely. The endpoints are defined at: - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/merlin_model_server/api.js#L34 - /alignment: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L28 - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L65. The attack vector is: Attacker sends a GET request to the vulnerable endpoint with a specially formatted query parameter. The fixed version is: After commit f6660e6d8f0d1d931359d591dbdec580fef36d36.
6 CVE-2019-14986 77 2019-08-13 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.
7 CVE-2019-14771 20 Exec Code 2019-08-07 2019-08-19
9.3
None Remote Medium Not required Complete Complete Complete
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.)
8 CVE-2019-14699 78 Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
9 CVE-2019-14417 20 Exec Code 2019-07-29 2019-08-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.
10 CVE-2019-14416 20 Exec Code 2019-07-29 2019-08-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.
11 CVE-2019-14363 119 Exec Code Overflow 2019-07-28 2019-08-05
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
12 CVE-2019-14313 89 Exec Code Sql 2019-07-30 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
13 CVE-2019-13917 19 Exec Code 2019-07-25 2019-07-30
10.0
None Remote Low Not required Complete Complete Complete
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
14 CVE-2019-13638 78 2019-07-26 2019-08-16
9.3
None Remote Medium Not required Complete Complete Complete
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
15 CVE-2019-13637 20 Exec Code 2019-07-17 2019-07-25
9.3
None Remote Medium Not required Complete Complete Complete
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
16 CVE-2019-13625 611 2019-07-16 2019-07-19
9.4
None Remote Low Not required None Complete Complete
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
17 CVE-2019-13624 19 2019-07-16 2019-07-19
10.0
None Remote Low Not required Complete Complete Complete
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
18 CVE-2019-13598 78 Exec Code 2019-07-14 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
19 CVE-2019-13573 89 Exec Code Sql 2019-07-17 2019-07-31
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
20 CVE-2019-13569 89 Exec Code Sql 2019-07-19 2019-07-31
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
21 CVE-2019-13561 77 Exec Code 2019-07-11 2019-07-12
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
22 CVE-2019-13482 77 2019-07-10 2019-07-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.
23 CVE-2019-13481 77 2019-07-10 2019-07-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.
24 CVE-2019-13447 89 Sql 2019-07-17 2019-07-18
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection.
25 CVE-2019-13404 284 2019-07-07 2019-07-15
9.3
None Remote Medium Not required Complete Complete Complete
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x.
26 CVE-2019-13398 77 Exec Code 2019-07-07 2019-07-09
9.0
None Remote Low Single system Complete Complete Complete
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.
27 CVE-2019-13382 264 2019-07-26 2019-08-09
9.3
None Remote Medium Not required Complete Complete Complete
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.
28 CVE-2019-13379 287 2019-07-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
29 CVE-2019-13352 798 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access.
30 CVE-2019-13294 284 Exec Code 2019-07-04 2019-07-10
10.0
None Remote Low Not required Complete Complete Complete
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
31 CVE-2019-13278 77 2019-07-10 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
32 CVE-2019-13143 254 2019-08-06 2019-08-14
9.0
None Remote Low Not required Partial Partial Complete
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user, over to the attacker's account. Thus rendering the lock completely inaccessible to the current user.
33 CVE-2019-13128 77 2019-07-01 2019-07-08
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
34 CVE-2019-13024 77 Exec Code 2019-07-01 2019-07-26
9.0
None Remote Low Single system Complete Complete Complete
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
35 CVE-2019-12997 77 2019-06-28 2019-07-03
9.0
None Remote Low Single system Complete Complete Complete
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).
36 CVE-2019-12992 77 2019-07-16 2019-07-17
9.0
None Remote Low Single system Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
37 CVE-2019-12991 77 2019-07-16 2019-07-17
9.0
None Remote Low Single system Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
38 CVE-2019-12990 22 Dir. Trav. 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
39 CVE-2019-12988 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
40 CVE-2019-12987 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
41 CVE-2019-12986 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
42 CVE-2019-12985 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
43 CVE-2019-12971 434 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.
44 CVE-2019-12929 78 DoS Exec Code 2019-06-24 2019-07-02
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
45 CVE-2019-12928 78 DoS Exec Code 2019-06-24 2019-07-02
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
46 CVE-2019-12920 798 2019-06-20 2019-06-27
10.0
None Remote Low Not required Complete Complete Complete
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.
47 CVE-2019-12840 77 Exec Code 2019-06-15 2019-06-18
9.0
None Remote Low Single system Complete Complete Complete
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
48 CVE-2019-12803 434 2019-07-10 2019-07-30
10.0
None Remote Low Not required Complete Complete Complete
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
49 CVE-2019-12776 798 2019-06-07 2019-06-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
50 CVE-2019-12775 284 2019-06-07 2019-06-10
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.