Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

5801 | CVE-2019-5016 | 200 | | DoS +Info | 2019-06-17 | 2019-06-20 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

5802 | CVE-2019-5011 | 20 | | | 2019-03-21 | 2019-03-22 | 6.6 | None | Local | Low | Not required | None | Complete | Complete
An exploitable privilege escalation vulnerability exists in the helper service of CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

5803 | CVE-2019-5009 | 434 | | Exec Code Bypass | 2019-01-04 | 2019-10-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.

5804 | CVE-2019-4752 | 89 | | Sql | 2020-02-20 | 2020-02-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.

5805 | CVE-2019-4750 | 352 | | CSRF | 2020-04-24 | 2020-05-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310.

5806 | CVE-2019-4732 | 426 | | Exec Code | 2020-02-03 | 2020-02-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.

5807 | CVE-2019-4680 | 89 | | Sql | 2020-10-20 | 2020-10-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733.

5808 | CVE-2019-4671 | 89 | | Sql | 2020-09-15 | 2020-09-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.

5809 | CVE-2019-4669 | 89 | | Sql | 2020-02-27 | 2020-02-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

5810 | CVE-2019-4650 | 89 | | Sql | 2020-06-26 | 2020-07-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.

5811 | CVE-2019-4621 | 1188 | | | 2019-12-09 | 2019-12-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM DataPower Gateway 7.6.0.0-7 through 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

5812 | CVE-2019-4613 | 352 | | CSRF | 2020-02-05 | 2020-02-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.

5813 | CVE-2019-4612 | 434 | | | 2019-12-09 | 2019-12-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to victims to perform further attacks. IBM X-Force ID: 168523.

5814 | CVE-2019-4606 | 426 | | Exec Code | 2019-12-12 | 2019-12-16 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.

5815 | CVE-2019-4598 | 89 | | Sql | 2020-02-26 | 2020-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.

5816 | CVE-2019-4597 | 89 | | Sql | 2020-02-26 | 2020-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.

5817 | CVE-2019-4546 | 269 | | | 2019-10-29 | 2019-10-30 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
After installing the IBM Maximo Health, Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948.

5818 | CVE-2019-4541 | 20 | | Bypass | 2020-02-04 | 2020-02-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation, which allows attackers to bypass application controls, resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.

5819 | CVE-2019-4513 | 611 | | | 2019-08-26 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.

5820 | CVE-2019-4433 | 611 | | | 2019-08-20 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.

5821 | CVE-2019-4424 | 611 | | | 2019-08-20 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.

5822 | CVE-2019-4422 | | | | 2019-10-03 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.

5823 | CVE-2019-4419 | 611 | | | 2019-08-20 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.

5824 | CVE-2019-4391 | 611 | | | 2020-04-07 | 2020-04-08 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
HCL AppScan Standard is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

5825 | CVE-2019-4387 | 89 | | Sql | 2019-11-26 | 2019-12-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 162715.

5826 | CVE-2019-4340 | 611 | | | 2019-08-20 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.

5827 | CVE-2019-4306 | 668 | | | 2019-10-29 | 2019-10-29 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.

5828 | CVE-2019-4304 | 384 | | Bypass | 2019-09-30 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions, caused by improper session validation. IBM X-Force ID: 160950.

5829 | CVE-2019-4301 | | | Exec Code | 2020-02-28 | 2020-08-24 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML.

5830 | CVE-2019-4292 | 434 | | Exec Code | 2019-07-02 | 2019-07-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.

5831 | CVE-2019-4244 | 306 | | | 2019-12-10 | 2019-12-13 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.

5832 | CVE-2019-4224 | 89 | | Sql | 2019-06-26 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.

5833 | CVE-2019-4212 | 352 | | CSRF | 2019-07-25 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.

5834 | CVE-2019-4178 | 22 | | Dir. Trav. | 2019-04-15 | 2019-05-09 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.

5835 | CVE-2019-4169 | 1188 | | | 2019-08-26 | 2020-08-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Open Power Firmware OP910 and OP920 could allow access to the BMC via IPMI using the default OpenBMC password even after the BMC password was changed away from the default password. IBM X-Force ID: 158702.

5836 | CVE-2019-4147 | 89 | | Sql | 2019-09-16 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

5837 | CVE-2019-4142 | 352 | | CSRF | 2019-06-18 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.

5838 | CVE-2019-4135 | | | | 2019-06-25 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.

5839 | CVE-2019-4130 | 434 | | Exec Code | 2019-12-03 | 2019-12-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

5840 | CVE-2019-4117 | 352 | | CSRF | 2019-08-20 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.

5841 | CVE-2019-4080 | 400 | | DoS | 2019-04-02 | 2019-10-09 | 6.8 | None | Remote | Low | ??? | None | None | Complete
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

5842 | CVE-2019-4072 | 613 | | | 2019-05-09 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even after a user has logged out. Using the browser back button, users can remain logged in as the current user for a short period of time and are therefore presented with information from the Spectrum Control application. IBM X-Force ID: 157064.

5843 | CVE-2019-4069 | 434 | | | 2019-06-07 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.

5844 | CVE-2019-4066 | 20 | | Exec Code | 2019-06-07 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users, which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.

5845 | CVE-2019-4035 | 20 | | | 2019-03-22 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers set up a fake IBM Content Navigator site, they can send a link to ICN users that makes their Edit client send requests to it directly. The Edit client will then download documents from the fake ICN website. IBM X-Force ID: 156001.

5846 | CVE-2019-4034 | 20 | | Exec Code | 2019-03-14 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Content Navigator 3.0CD could allow an attacker to execute arbitrary code on a user's workstation. When an executable file is edited in ICN with the Edit service, it is executed on the user's workstation. IBM X-Force ID: 156000.

5847 | CVE-2019-3976 | 20 | | | 2019-10-29 | 2019-11-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package, then a directory could be created and the developer shell could be enabled.

5848 | CVE-2019-3960 | 434 | | Exec Code | 2019-07-31 | 2019-08-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Unrestricted upload of a file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file.

5849 | CVE-2019-3959 | 352 | | CSRF | 2019-07-31 | 2019-08-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

5850 | CVE-2019-3941 | 306 | | | 2019-04-09 | 2020-08-24 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.