CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2019-7054 476 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
302 CVE-2019-7052 787 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
303 CVE-2019-7051 476 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
304 CVE-2019-7050 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
305 CVE-2019-7048 416 Exec Code 2019-05-24 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
306 CVE-2019-7046 476 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
307 CVE-2019-7044 416 Exec Code 2019-05-24 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
308 CVE-2019-7043 416 Exec Code 2019-05-24 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
309 CVE-2019-7042 476 Exec Code 2019-05-24 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
310 CVE-2019-7040 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
311 CVE-2019-7039 787 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
312 CVE-2019-7037 787 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
313 CVE-2019-7031 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
314 CVE-2019-7029 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
315 CVE-2019-7027 787 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
316 CVE-2019-7026 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
317 CVE-2019-7025 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
318 CVE-2019-7020 119 Exec Code Overflow 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution .
319 CVE-2019-7019 787 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
320 CVE-2019-7018 416 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
321 CVE-2019-6989 119 Exec Code Overflow 2019-06-06 2019-06-10
9.0
None Remote Low Single system Complete Complete Complete
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
322 CVE-2019-6971 287 2019-06-19 2019-06-20
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.
323 CVE-2019-6824 119 Exec Code Overflow 2019-07-15 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
324 CVE-2019-6823 94 Exec Code 2019-07-15 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
325 CVE-2019-6725 798 2019-05-31 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.
326 CVE-2019-6642 264 2019-07-01 2019-07-08
9.0
None Remote Low Single system Complete Complete Complete
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
327 CVE-2019-6610 20 DoS 2019-04-11 2019-04-24
9.0
None Remote Low Not required Partial Partial Complete
On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.
328 CVE-2019-6570 264 2019-04-17 2019-04-17
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
329 CVE-2019-6564 427 +Priv 2019-05-09 2019-05-16
9.3
None Remote Medium Not required Complete Complete Complete
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
330 CVE-2019-6441 255 2019-03-21 2019-04-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
331 CVE-2019-6322 254 2019-05-29 2019-05-31
9.0
None Remote Low Single system Complete Complete Complete
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
332 CVE-2019-6321 254 2019-05-29 2019-05-31
9.0
None Remote Low Single system Complete Complete Complete
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
333 CVE-2019-6250 190 Exec Code Overflow 2019-01-13 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
334 CVE-2019-5890 287 2019-04-01 2019-04-04
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.
335 CVE-2019-5789 190 Exec Code Overflow 2019-05-23 2019-06-28
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
336 CVE-2019-5788 190 Exec Code Overflow 2019-05-23 2019-06-28
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
337 CVE-2019-5787 416 2019-05-23 2019-06-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
338 CVE-2019-5736 216 Exec Code 2019-02-11 2019-06-03
9.3
None Remote Medium Not required Complete Complete Complete
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
339 CVE-2019-5685 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.
340 CVE-2019-5684 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.
341 CVE-2019-5602 264 +Priv 2019-07-03 2019-07-15
9.0
None Remote Low Single system Complete Complete Complete
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.
342 CVE-2019-5589 426 Exec Code 2019-05-28 2019-05-29
9.3
None Remote Medium Not required Complete Complete Complete
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
343 CVE-2019-5526 264 2019-05-15 2019-05-17
9.3
None Remote Medium Not required Complete Complete Complete
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
344 CVE-2019-5524 787 Exec Code 2019-04-02 2019-04-04
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
345 CVE-2019-5515 787 DoS Exec Code 2019-04-02 2019-05-29
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
346 CVE-2019-5490 264 Exec Code 2019-03-21 2019-04-18
10.0
None Remote Low Not required Complete Complete Complete
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
347 CVE-2019-5446 77 Exec Code 2019-07-10 2019-07-17
9.0
None Remote Low Single system Complete Complete Complete
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.
348 CVE-2019-5441 78 2019-06-07 2019-06-11
9.0
None Remote Low Single system Complete Complete Complete
An OS Command Injection has been discovered in the Nextcloud App: Extract prior to version 1.2.0.
349 CVE-2019-5425 77 Exec Code Bypass 2019-04-10 2019-04-11
9.0
None Remote Low Single system Complete Complete Complete
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.
350 CVE-2019-5424 77 Exec Code 2019-04-10 2019-04-11
9.0
None Remote Low Single system Complete Complete Complete
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.