CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2019-10192 119 Overflow 2019-07-11 2019-07-19
6.5
None Remote Low Single system Partial Partial Partial
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
552 CVE-2019-10186 352 CSRF 2019-07-31 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
553 CVE-2019-10185 22 Dir. Trav. 2019-07-31 2019-08-15
6.4
None Remote Low Not required None Partial Partial
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
554 CVE-2019-10181 345 Exec Code 2019-07-31 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
555 CVE-2019-10147 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
556 CVE-2019-10145 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
557 CVE-2019-10144 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
558 CVE-2019-10143 264 +Priv 2019-05-24 2019-07-09
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
559 CVE-2019-10141 89 DoS Sql 2019-07-30 2019-08-15
6.4
None Remote Low Not required None Partial Partial
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.
560 CVE-2019-10138 284 2019-07-30 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
561 CVE-2019-10135 20 Exec Code 2019-07-11 2019-07-18
6.5
None Remote Low Single system Partial Partial Partial
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
562 CVE-2019-10132 264 2019-05-22 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
563 CVE-2019-10120 384 2019-07-10 2019-07-17
6.5
None Remote Low Single system Partial Partial Partial
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.
564 CVE-2019-10103 20 2019-07-03 2019-07-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
565 CVE-2019-10102 20 2019-07-03 2019-07-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
566 CVE-2019-10101 310 2019-07-03 2019-07-20
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
567 CVE-2019-10094 119 Overflow 2019-08-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
568 CVE-2019-10088 119 Overflow 2019-08-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
569 CVE-2019-10063 20 Exec Code Bypass 2019-03-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
570 CVE-2019-10060 119 Exec Code Overflow 2019-03-25 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
571 CVE-2019-10058 284 2019-08-28 2019-08-29
6.4
None Remote Low Not required Partial Partial None
Various Lexmark products have Incorrect Access Control.
572 CVE-2019-10045 384 2019-05-31 2019-06-03
6.4
None Remote Low Not required Partial Partial None
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).
573 CVE-2019-10044 20 2019-03-25 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
574 CVE-2019-10012 434 Exec Code 2019-03-25 2019-04-07
6.0
None Remote Medium Single system Partial Partial Partial
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
575 CVE-2019-10008 384 2019-04-24 2019-04-25
6.5
None Remote Low Single system Partial Partial Partial
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
576 CVE-2019-9977 20 Exec Code 2019-03-24 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
577 CVE-2019-9974 285 2019-04-11 2019-04-12
6.4
None Remote Low Not required Partial None Partial
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
578 CVE-2019-9958 352 CSRF 2019-06-24 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
579 CVE-2019-9956 119 DoS Exec Code Overflow 2019-03-23 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
580 CVE-2019-9948 254 Bypass 2019-03-23 2019-06-18
6.4
None Remote Low Not required Partial Partial None
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
581 CVE-2019-9928 119 Exec Code Overflow 2019-04-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
582 CVE-2019-9920 264 2019-03-29 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
583 CVE-2019-9918 89 Sql 2019-03-29 2019-03-29
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
584 CVE-2019-9894 320 2019-03-21 2019-04-26
6.4
None Remote Low Not required None Partial Partial
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
585 CVE-2019-9890 275 2019-04-17 2019-04-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
586 CVE-2019-9883 352 CSRF 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
587 CVE-2019-9882 352 CSRF 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.
588 CVE-2019-9880 306 2019-06-10 2019-06-11
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
589 CVE-2019-9875 502 Exec Code CSRF 2019-05-31 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
590 CVE-2019-9865 190 DoS Exec Code Overflow 2019-05-29 2019-05-29
6.8
None Remote Medium Not required Partial Partial Partial
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
591 CVE-2019-9858 94 Exec Code 2019-05-29 2019-06-16
6.5
None Remote Low Single system Partial Partial Partial
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)
592 CVE-2019-9847 20 2019-05-09 2019-05-10
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
593 CVE-2019-9842 434 Exec Code 2019-06-14 2019-06-19
6.5
None Remote Low Single system Partial Partial Partial
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.
594 CVE-2019-9821 416 2019-07-23 2019-07-26
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
595 CVE-2019-9818 362 2019-07-23 2019-07-26
6.8
None Remote Medium Not required Partial Partial Partial
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
596 CVE-2019-9815 362 2019-07-23 2019-07-29
6.8
None Remote Medium Not required Partial Partial Partial
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
597 CVE-2019-9813 704 2019-04-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
598 CVE-2019-9810 119 Overflow 2019-04-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
599 CVE-2019-9787 352 Exec Code XSS CSRF 2019-03-14 2019-03-31
6.8
None Remote Medium Not required Partial Partial Partial
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
600 CVE-2019-9744 384 2019-03-26 2019-06-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.