CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2019-13326 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864.
902 CVE-2019-13325 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922.
903 CVE-2019-13324 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782.
904 CVE-2019-13323 787 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783.
905 CVE-2019-13320 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.
906 CVE-2019-13319 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669.
907 CVE-2019-13317 416 Exec Code 2019-10-04 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759.
908 CVE-2019-13316 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.
909 CVE-2019-13315 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656.
910 CVE-2019-13312 125 2019-07-04 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
911 CVE-2019-13308 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
912 CVE-2019-13307 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
913 CVE-2019-13306 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
914 CVE-2019-13305 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
915 CVE-2019-13304 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
916 CVE-2019-13303 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
917 CVE-2019-13302 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
918 CVE-2019-13300 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
919 CVE-2019-13299 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
920 CVE-2019-13298 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
921 CVE-2019-13297 125 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
922 CVE-2019-13295 125 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
923 CVE-2019-13290 119 Exec Code Overflow 2019-07-04 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.
924 CVE-2019-13289 416 2019-07-04 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
925 CVE-2019-13283 119 DoS Overflow +Info 2019-07-04 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
926 CVE-2019-13282 125 DoS +Info 2019-07-04 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
927 CVE-2019-13281 119 DoS Overflow +Info 2019-07-04 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
928 CVE-2019-13280 119 Exec Code Overflow 2019-07-09 2019-07-15
6.5
None Remote Low Single system Partial Partial Partial
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.
929 CVE-2019-13262 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.
930 CVE-2019-13261 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.
931 CVE-2019-13260 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07.
932 CVE-2019-13259 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566.
933 CVE-2019-13258 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165.
934 CVE-2019-13257 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa.
935 CVE-2019-13256 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849.
936 CVE-2019-13255 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464.
937 CVE-2019-13254 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808.
938 CVE-2019-13253 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474.
939 CVE-2019-13252 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0.
940 CVE-2019-13251 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff.
941 CVE-2019-13250 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f.
942 CVE-2019-13249 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a.
943 CVE-2019-13248 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450.
944 CVE-2019-13247 119 Overflow 2019-07-04 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed.
945 CVE-2019-13246 119 Overflow 2019-07-04 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601.
946 CVE-2019-13245 119 Overflow 2019-07-04 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1.
947 CVE-2019-13244 119 Overflow 2019-07-04 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.
948 CVE-2019-13243 119 Overflow 2019-07-04 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6.
949 CVE-2019-13242 119 Overflow 2019-07-04 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98.
950 CVE-2019-13241 20 Dir. Trav. 2019-07-04 2019-07-15
6.8
None Remote Medium Not required Partial Partial Partial
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.