CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2019-5789 190 Exec Code Overflow 2019-05-23 2019-06-28
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
452 CVE-2019-5788 190 Exec Code Overflow 2019-05-23 2019-06-28
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
453 CVE-2019-5787 416 2019-05-23 2019-06-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
454 CVE-2019-5736 216 Exec Code 2019-02-11 2019-06-03
9.3
None Remote Medium Not required Complete Complete Complete
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
455 CVE-2019-5685 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.
456 CVE-2019-5684 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.
457 CVE-2019-5631 426 2019-08-19 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.
458 CVE-2019-5602 264 +Priv 2019-07-03 2019-07-15
9.0
None Remote Low Single system Complete Complete Complete
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.
459 CVE-2019-5589 426 Exec Code 2019-05-28 2019-05-29
9.3
None Remote Medium Not required Complete Complete Complete
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
460 CVE-2019-5526 264 2019-05-15 2019-05-17
9.3
None Remote Medium Not required Complete Complete Complete
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
461 CVE-2019-5524 787 Exec Code 2019-04-02 2019-04-04
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
462 CVE-2019-5515 787 DoS Exec Code 2019-04-02 2019-05-29
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
463 CVE-2019-5490 264 Exec Code 2019-03-21 2019-04-18
10.0
None Remote Low Not required Complete Complete Complete
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
464 CVE-2019-5485 78 2019-09-13 2019-09-25
10.0
None Remote Low Not required Complete Complete Complete
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
465 CVE-2019-5475 78 Exec Code 2019-09-03 2019-10-09
9.0
None Remote Low Single system Complete Complete Complete
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
466 CVE-2019-5446 77 Exec Code 2019-07-10 2019-10-09
9.0
None Remote Low Single system Complete Complete Complete
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.
467 CVE-2019-5441 78 2019-06-07 2019-06-11
9.0
None Remote Low Single system Complete Complete Complete
An OS Command Injection has been discovered in the Nextcloud App: Extract prior to version 1.2.0.
468 CVE-2019-5425 77 Exec Code Bypass 2019-04-10 2019-04-11
9.0
None Remote Low Single system Complete Complete Complete
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.
469 CVE-2019-5424 77 Exec Code 2019-04-10 2019-10-09
9.0
None Remote Low Single system Complete Complete Complete
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.
470 CVE-2019-5414 78 2019-03-21 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
471 CVE-2019-5406 384 2019-08-09 2019-08-16
9.0
None Remote Low Single system Complete Complete Complete
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
472 CVE-2019-5402 285 Bypass 2019-08-09 2019-08-16
10.0
None Remote Low Not required Complete Complete Complete
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
473 CVE-2019-5399 285 2019-08-09 2019-08-16
9.7
None Remote Low Not required Partial Complete Complete
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
474 CVE-2019-5397 254 Bypass 2019-08-09 2019-08-16
9.7
None Remote Low Not required Partial Complete Complete
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
475 CVE-2019-5396 287 Bypass 2019-08-09 2019-08-16
9.7
None Remote Low Not required Partial Complete Complete
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
476 CVE-2019-5391 119 Overflow 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
477 CVE-2019-5390 77 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
478 CVE-2019-5389 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
479 CVE-2019-5388 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
480 CVE-2019-5387 74 Exec Code 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
481 CVE-2019-5386 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
482 CVE-2019-5385 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
483 CVE-2019-5384 74 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
484 CVE-2019-5383 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
485 CVE-2019-5382 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
486 CVE-2019-5381 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
487 CVE-2019-5380 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
488 CVE-2019-5379 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
489 CVE-2019-5378 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
490 CVE-2019-5377 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
491 CVE-2019-5376 20 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
492 CVE-2019-5375 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
493 CVE-2019-5374 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
494 CVE-2019-5373 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
495 CVE-2019-5372 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
496 CVE-2019-5371 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
497 CVE-2019-5370 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
498 CVE-2019-5369 20 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
499 CVE-2019-5368 20 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
500 CVE-2019-5367 287 Exec Code 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.