CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2019-8443 284 2019-05-22 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
652 CVE-2019-8383 119 DoS Overflow 2019-02-16 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
653 CVE-2019-8381 119 DoS Overflow 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
654 CVE-2019-8379 476 DoS 2019-02-16 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
655 CVE-2019-8377 476 DoS 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
656 CVE-2019-8376 476 DoS 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
657 CVE-2019-8324 20 2019-06-17 2019-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
658 CVE-2019-8076 426 Exec Code 2019-09-12 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
659 CVE-2019-8062 426 Exec Code 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
660 CVE-2019-8057 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
661 CVE-2019-8039 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
662 CVE-2019-8038 416 Exec Code 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
663 CVE-2019-8034 416 Exec Code 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
664 CVE-2019-8033 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
665 CVE-2019-8027 787 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
666 CVE-2019-8019 704 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
667 CVE-2019-8014 119 Exec Code Overflow 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
668 CVE-2019-8013 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
669 CVE-2019-8008 787 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
670 CVE-2019-7996 125 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
671 CVE-2019-7995 125 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
672 CVE-2019-7991 125 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
673 CVE-2019-7989 77 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
674 CVE-2019-7988 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
675 CVE-2019-7986 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
676 CVE-2019-7985 119 Exec Code Overflow 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
677 CVE-2019-7984 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
678 CVE-2019-7983 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
679 CVE-2019-7982 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
680 CVE-2019-7980 119 Exec Code Overflow 2019-08-26 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
681 CVE-2019-7979 787 Exec Code 2019-08-26 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
682 CVE-2019-7978 119 Exec Code Overflow 2019-08-26 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
683 CVE-2019-7961 426 Exec Code 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
684 CVE-2019-7956 426 2019-07-18 2019-07-19
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
685 CVE-2019-7942 94 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.
686 CVE-2019-7932 94 Exec Code 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.
687 CVE-2019-7931 426 Exec Code 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
688 CVE-2019-7923 918 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code.
689 CVE-2019-7913 918 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.
690 CVE-2019-7912 434 Bypass 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server.
691 CVE-2019-7911 918 Exec Code 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code.
692 CVE-2019-7903 94 Exec Code 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.
693 CVE-2019-7896 20 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update.
694 CVE-2019-7895 20 Exec Code 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.
695 CVE-2019-7892 918 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.
696 CVE-2019-7885 20 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search.
697 CVE-2019-7876 20 Exec Code 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
698 CVE-2019-7871 254 Exec Code Bypass 2019-08-02 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
699 CVE-2019-7870 426 Exec Code 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
700 CVE-2019-7865 352 CSRF 2019-08-02 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.