CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5601 CVE-2019-6030 352 CSRF 2019-12-26 2020-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5602 CVE-2019-6027 352 CSRF 2019-12-26 2020-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5603 CVE-2019-6019 426 +Priv 2019-12-26 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5604 CVE-2019-6013 78 Exec Code 2019-12-26 2020-01-07
6.8
None Local Low ??? Complete Complete Complete
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
5605 CVE-2019-6012 89 Exec Code Sql 2019-12-26 2020-01-03
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
5606 CVE-2019-6010 190 DoS Exec Code Overflow 2019-09-19 2019-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image.
5607 CVE-2019-6008 428 Exec Code +Priv 2019-12-26 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
5608 CVE-2019-6007 190 DoS Exec Code Overflow 2019-09-12 2019-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors.
5609 CVE-2019-5996 89 Exec Code Sql 2019-09-12 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
5610 CVE-2019-5993 352 CSRF 2019-09-12 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5611 CVE-2019-5992 352 CSRF 2019-09-12 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5612 CVE-2019-5991 89 Exec Code Sql 2019-09-12 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
5613 CVE-2019-5986 352 CSRF 2019-09-12 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.
5614 CVE-2019-5984 352 CSRF 2019-07-05 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5615 CVE-2019-5983 352 CSRF 2019-07-05 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5616 CVE-2019-5981 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
5617 CVE-2019-5980 352 CSRF 2019-07-05 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5618 CVE-2019-5979 352 CSRF 2019-07-05 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5619 CVE-2019-5974 352 CSRF 2019-07-05 2019-07-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5620 CVE-2019-5973 352 CSRF 2019-07-05 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5621 CVE-2019-5971 352 CSRF 2019-07-05 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5622 CVE-2019-5968 352 CSRF 2019-07-05 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'.
5623 CVE-2019-5963 352 CSRF 2019-07-05 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5624 CVE-2019-5960 352 CSRF 2019-07-05 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5625 CVE-2019-5958 426 +Priv 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5626 CVE-2019-5957 426 +Priv 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5627 CVE-2019-5954 Bypass +Info 2019-05-17 2020-08-24
6.4
None Remote Low Not required Partial Partial None
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.
5628 CVE-2019-5934 89 Exec Code Sql 2019-05-17 2019-05-20
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
5629 CVE-2019-5924 352 CSRF 2019-03-12 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
5630 CVE-2019-5922 426 +Priv 2019-03-12 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5631 CVE-2019-5921 426 +Priv 2019-03-12 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5632 CVE-2019-5920 352 CSRF 2019-03-12 2019-03-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
5633 CVE-2019-5919 310 +Info 2019-03-12 2019-03-13
6.4
None Remote Low Not required Partial Partial None
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.
5634 CVE-2019-5913 426 +Priv 2019-02-13 2019-02-19
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5635 CVE-2019-5912 426 +Priv 2019-02-13 2019-02-19
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5636 CVE-2019-5911 426 +Priv 2019-02-13 2019-02-19
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5637 CVE-2019-5887 22 Dir. Trav. 2019-01-10 2019-01-18
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.
5638 CVE-2019-5883 2019-05-17 2020-08-24
6.4
None Remote Low Not required Partial Partial None
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.
5639 CVE-2019-5878 787 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5640 CVE-2019-5877 787 Mem. Corr. 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5641 CVE-2019-5876 787 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5642 CVE-2019-5874 20 Bypass 2019-11-25 2019-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
5643 CVE-2019-5871 787 Overflow 2019-11-25 2019-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5644 CVE-2019-5870 416 2019-11-25 2019-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
5645 CVE-2019-5859 20 Bypass 2019-11-25 2019-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
5646 CVE-2019-5858 20 Exec Code 2019-11-25 2019-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
5647 CVE-2019-5856 20 Bypass 2019-11-25 2019-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
5648 CVE-2019-5854 787 Overflow 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5649 CVE-2019-5853 682 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5650 CVE-2019-5851 787 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.