CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2019-9136 119 Exec Code Overflow 2019-04-25 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
802 CVE-2019-9135 119 Exec Code Overflow 2019-04-25 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
803 CVE-2019-9132 20 Exec Code 2019-04-01 2019-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower.
804 CVE-2019-9077 119 Overflow 2019-02-23 2019-05-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
805 CVE-2019-9075 119 Overflow 2019-02-23 2019-05-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
806 CVE-2019-9070 125 2019-02-23 2019-05-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
807 CVE-2019-9056 74 2019-04-11 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
808 CVE-2019-9053 89 Sql 2019-03-26 2019-04-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
809 CVE-2019-9042 434 Exec Code 2019-02-23 2019-04-16
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules.
810 CVE-2019-9008 732 2019-09-17 2019-09-17
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
811 CVE-2019-9005 22 Dir. Trav. 2019-04-18 2019-04-19
6.8
None Remote Low Single system Complete None None
The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.
812 CVE-2019-8992 434 Exec Code 2019-04-24 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
813 CVE-2019-8991 352 XSS CSRF 2019-04-24 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
814 CVE-2019-8990 287 2019-04-09 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
815 CVE-2019-8978 362 DoS 2019-05-14 2019-05-16
6.8
None Remote Medium Not required Partial Partial Partial
An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim.
816 CVE-2019-8942 94 Exec Code 2019-02-19 2019-04-25
6.5
None Remote Low Single system Partial Partial Partial
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
817 CVE-2019-8907 119 DoS Overflow 2019-02-18 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
818 CVE-2019-8906 125 2019-02-18 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
819 CVE-2019-8905 125 2019-02-18 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
820 CVE-2019-8461 426 2019-08-29 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
821 CVE-2019-8454 264 2019-04-29 2019-10-09
6.9
None Local Medium Not required Complete Complete Complete
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
822 CVE-2019-8451 918 2019-09-11 2019-09-12
6.4
None Remote Low Not required Partial Partial None
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
823 CVE-2019-8443 284 2019-05-22 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
824 CVE-2019-8383 119 DoS Overflow 2019-02-16 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
825 CVE-2019-8381 119 DoS Overflow 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
826 CVE-2019-8379 476 DoS 2019-02-16 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
827 CVE-2019-8377 476 DoS 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
828 CVE-2019-8376 476 DoS 2019-02-16 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
829 CVE-2019-8324 20 2019-06-17 2019-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
830 CVE-2019-8292 306 2019-10-01 2019-10-07
6.4
None Remote Low Not required None Partial Partial
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
831 CVE-2019-8291 22 Dir. Trav. 2019-10-01 2019-10-07
6.4
None Remote Low Not required None Partial Partial
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
832 CVE-2019-8076 426 Exec Code 2019-09-12 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
833 CVE-2019-8062 426 Exec Code 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
834 CVE-2019-8057 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
835 CVE-2019-8039 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
836 CVE-2019-8038 416 Exec Code 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
837 CVE-2019-8034 416 Exec Code 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
838 CVE-2019-8033 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
839 CVE-2019-8027 787 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
840 CVE-2019-8019 704 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
841 CVE-2019-8014 119 Exec Code Overflow 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
842 CVE-2019-8013 416 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
843 CVE-2019-8008 787 Exec Code 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
844 CVE-2019-7996 125 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
845 CVE-2019-7995 125 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
846 CVE-2019-7991 125 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
847 CVE-2019-7989 77 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
848 CVE-2019-7988 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
849 CVE-2019-7986 787 Exec Code 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
850 CVE-2019-7985 119 Exec Code Overflow 2019-08-26 2019-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.