CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2019-10248 669 2019-04-22 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
402 CVE-2019-10240 310 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
403 CVE-2019-10237 352 CSRF 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
404 CVE-2019-10233 362 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
405 CVE-2019-10199 20 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
406 CVE-2019-10193 119 Overflow 2019-07-11 2019-07-19
6.5
None Remote Low Single system Partial Partial Partial
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
407 CVE-2019-10192 119 Overflow 2019-07-11 2019-07-19
6.5
None Remote Low Single system Partial Partial Partial
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
408 CVE-2019-10186 352 CSRF 2019-07-31 2019-08-01
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
409 CVE-2019-10185 22 Dir. Trav. 2019-07-31 2019-08-15
6.4
None Remote Low Not required None Partial Partial
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
410 CVE-2019-10181 345 Exec Code 2019-07-31 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
411 CVE-2019-10147 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
412 CVE-2019-10145 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
413 CVE-2019-10144 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
414 CVE-2019-10143 264 +Priv 2019-05-24 2019-07-09
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
415 CVE-2019-10141 89 DoS Sql 2019-07-30 2019-08-15
6.4
None Remote Low Not required None Partial Partial
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.
416 CVE-2019-10138 284 2019-07-30 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
417 CVE-2019-10135 20 Exec Code 2019-07-11 2019-07-18
6.5
None Remote Low Single system Partial Partial Partial
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
418 CVE-2019-10132 264 2019-05-22 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
419 CVE-2019-10120 384 2019-07-10 2019-07-17
6.5
None Remote Low Single system Partial Partial Partial
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.
420 CVE-2019-10103 20 2019-07-03 2019-07-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
421 CVE-2019-10102 20 2019-07-03 2019-07-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
422 CVE-2019-10101 310 2019-07-03 2019-07-20
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
423 CVE-2019-10094 119 Overflow 2019-08-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
424 CVE-2019-10088 119 Overflow 2019-08-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
425 CVE-2019-10063 20 Exec Code Bypass 2019-03-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
426 CVE-2019-10060 119 Exec Code Overflow 2019-03-25 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
427 CVE-2019-10045 384 2019-05-31 2019-06-03
6.4
None Remote Low Not required Partial Partial None
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).
428 CVE-2019-10044 20 2019-03-25 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
429 CVE-2019-10012 434 Exec Code 2019-03-25 2019-04-07
6.0
None Remote Medium Single system Partial Partial Partial
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
430 CVE-2019-10008 384 2019-04-24 2019-04-25
6.5
None Remote Low Single system Partial Partial Partial
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
431 CVE-2019-9977 20 Exec Code 2019-03-24 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
432 CVE-2019-9974 285 2019-04-11 2019-04-12
6.4
None Remote Low Not required Partial None Partial
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
433 CVE-2019-9958 352 CSRF 2019-06-24 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
434 CVE-2019-9956 119 DoS Exec Code Overflow 2019-03-23 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
435 CVE-2019-9948 254 Bypass 2019-03-23 2019-06-18
6.4
None Remote Low Not required Partial Partial None
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
436 CVE-2019-9928 119 Exec Code Overflow 2019-04-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
437 CVE-2019-9920 264 2019-03-29 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
438 CVE-2019-9918 89 Sql 2019-03-29 2019-03-29
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
439 CVE-2019-9894 320 2019-03-21 2019-04-26
6.4
None Remote Low Not required None Partial Partial
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
440 CVE-2019-9890 275 2019-04-17 2019-04-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
441 CVE-2019-9883 352 CSRF 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
442 CVE-2019-9882 352 CSRF 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.
443 CVE-2019-9880 306 2019-06-10 2019-06-11
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
444 CVE-2019-9875 502 Exec Code CSRF 2019-05-31 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
445 CVE-2019-9865 190 DoS Exec Code Overflow 2019-05-29 2019-05-29
6.8
None Remote Medium Not required Partial Partial Partial
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
446 CVE-2019-9858 94 Exec Code 2019-05-29 2019-06-16
6.5
None Remote Low Single system Partial Partial Partial
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)
447 CVE-2019-9847 20 2019-05-09 2019-05-10
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
448 CVE-2019-9842 434 Exec Code 2019-06-14 2019-06-19
6.5
None Remote Low Single system Partial Partial Partial
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.
449 CVE-2019-9821 416 2019-07-23 2019-07-26
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
450 CVE-2019-9818 362 2019-07-23 2019-07-26
6.8
None Remote Medium Not required Partial Partial Partial
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.