CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2019-5831 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
852 CVE-2019-5829 416 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
853 CVE-2019-5828 416 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
854 CVE-2019-5827 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
855 CVE-2019-5824 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
856 CVE-2019-5822 284 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
857 CVE-2019-5821 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
858 CVE-2019-5820 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
859 CVE-2019-5817 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
860 CVE-2019-5816 664 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
861 CVE-2019-5813 416 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
862 CVE-2019-5811 19 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
863 CVE-2019-5809 416 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
864 CVE-2019-5808 416 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
865 CVE-2019-5807 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
866 CVE-2019-5806 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
867 CVE-2019-5795 190 Overflow 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
868 CVE-2019-5792 190 Overflow 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
869 CVE-2019-5791 125 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
870 CVE-2019-5790 190 Exec Code Overflow 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
871 CVE-2019-5782 20 Exec Code 2019-02-19 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
872 CVE-2019-5774 20 Exec Code 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
873 CVE-2019-5772 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
874 CVE-2019-5771 119 Exec Code Overflow 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
875 CVE-2019-5770 125 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
876 CVE-2019-5769 20 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
877 CVE-2019-5764 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
878 CVE-2019-5763 20 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
879 CVE-2019-5762 119 Exec Code Overflow 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
880 CVE-2019-5761 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
881 CVE-2019-5760 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
882 CVE-2019-5759 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
883 CVE-2019-5758 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
884 CVE-2019-5757 704 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
885 CVE-2019-5756 416 Exec Code 2019-02-19 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
886 CVE-2019-5674 264 DoS Exec Code 2019-03-28 2019-04-18
6.9
None Local Medium Not required Complete Complete Complete
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
887 CVE-2019-5672 320 2019-04-11 2019-04-25
6.4
None Remote Low Not required Partial Partial None
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
888 CVE-2019-5638 613 2019-08-21 2019-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.
889 CVE-2019-5630 352 CSRF 2019-07-03 2019-07-05
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
890 CVE-2019-5624 22 Exec Code Dir. Trav. 2019-04-30 2019-05-02
6.5
None Remote Low Single system Partial Partial Partial
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
891 CVE-2019-5609 119 Overflow 2019-08-30 2019-09-10
6.4
None Remote Low Not required None Partial Partial
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
892 CVE-2019-5605 200 +Info 2019-07-25 2019-08-14
6.8
None Remote Low Single system Complete None None
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.
893 CVE-2019-5597 20 Bypass 2019-05-15 2019-06-11
6.4
None Remote Low Not required None Partial Partial
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.
894 CVE-2019-5530 20 2019-08-28 2019-09-04
6.8
None Remote Medium Not required Partial Partial Partial
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature.
895 CVE-2019-5514 20 Exec Code 2019-04-01 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
896 CVE-2019-5502 310 2019-08-05 2019-08-12
6.4
None Remote Low Not required Partial Partial None
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
897 CVE-2019-5473 287 Bypass 2019-09-09 2019-09-10
6.5
None Remote Low Single system Partial Partial Partial
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
898 CVE-2019-5440 338 Bypass 2019-05-28 2019-05-31
6.8
None Remote Medium Not required Partial Partial Partial
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
899 CVE-2019-5430 352 CSRF 2019-05-06 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.
900 CVE-2019-5429 426 +Priv 2019-04-29 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.