CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2019-13229 59 2019-07-04 2019-08-14
6.6
None Local Low Not required None Complete Complete
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
952 CVE-2019-13228 59 2019-07-04 2019-07-27
6.6
None Local Medium Not required Partial Complete Complete
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.
953 CVE-2019-13227 59 2019-07-04 2019-07-27
6.6
None Local Low Not required None Complete Complete
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
954 CVE-2019-13226 59 2019-07-04 2019-07-27
6.9
None Local Medium Not required Complete Complete Complete
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.
955 CVE-2019-13221 119 DoS Exec Code Overflow 2019-08-15 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
956 CVE-2019-13217 119 DoS Exec Code Overflow 2019-08-15 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
957 CVE-2019-13183 352 CSRF 2019-07-07 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
958 CVE-2019-13178 362 2019-07-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
959 CVE-2019-13173 20 2019-07-02 2019-08-12
6.4
None Remote Low Not required None Partial Partial
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
960 CVE-2019-13155 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
961 CVE-2019-13154 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
962 CVE-2019-13153 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
963 CVE-2019-13152 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
964 CVE-2019-13151 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.
965 CVE-2019-13150 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.
966 CVE-2019-13149 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
967 CVE-2019-13148 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.
968 CVE-2019-13142 264 2019-07-09 2019-07-15
6.6
None Local Low Not required None Complete Complete
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege.
969 CVE-2019-13136 190 Overflow 2019-07-01 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
970 CVE-2019-13135 20 2019-07-01 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
971 CVE-2019-13125 264 2019-07-01 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.
972 CVE-2019-13105 415 2019-08-06 2019-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
973 CVE-2019-13104 119 Overflow 2019-08-06 2019-10-01
6.8
None Remote Medium Not required Partial Partial Partial
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
974 CVE-2019-13103 399 2019-07-29 2019-08-06
6.4
None Remote Low Not required None Partial Partial
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
975 CVE-2019-13085 787 2019-06-30 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
976 CVE-2019-13084 787 2019-06-30 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
977 CVE-2019-13083 787 2019-06-30 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
978 CVE-2019-13071 352 CSRF 2019-07-10 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
979 CVE-2019-13056 352 CSRF 2019-07-02 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
980 CVE-2019-13051 78 2019-10-09 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Pi-Hole 4.3 allows Command Injection.
981 CVE-2019-13045 416 2019-06-29 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
982 CVE-2019-13031 611 2019-06-28 2019-08-26
6.8
None Remote Medium Not required Partial Partial Partial
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.
983 CVE-2019-13030 284 2019-08-14 2019-08-28
6.4
None Remote Low Not required Partial None Partial
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
984 CVE-2019-13028 284 Exec Code 2019-06-28 2019-07-05
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
985 CVE-2019-13020 918 2019-08-26 2019-09-06
6.4
None Remote Low Not required Partial Partial None
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.
986 CVE-2019-12994 918 2019-08-08 2019-08-16
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
987 CVE-2019-12981 119 Overflow 2019-06-26 2019-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.
988 CVE-2019-12979 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
989 CVE-2019-12978 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
990 CVE-2019-12977 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
991 CVE-2019-12961 74 2019-06-25 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
992 CVE-2019-12959 918 2019-08-08 2019-08-16
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
993 CVE-2019-12957 125 DoS +Info 2019-06-24 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
994 CVE-2019-12948 749 DoS Exec Code 2019-07-29 2019-08-06
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
995 CVE-2019-12936 20 2019-06-23 2019-10-09
6.0
None Remote Medium Single system Partial Partial Partial
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
996 CVE-2019-12934 352 XSS CSRF 2019-07-19 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
997 CVE-2019-12926 284 2019-07-08 2019-07-16
6.5
None Remote Low Single system Partial Partial Partial
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.
998 CVE-2019-12925 22 Dir. Trav. 2019-07-08 2019-07-16
6.5
None Remote Low Single system Partial Partial Partial
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts.
999 CVE-2019-12901 264 2019-06-19 2019-06-21
6.5
None Remote Low Single system Partial Partial Partial
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.
1000 CVE-2019-12889 264 Exec Code 2019-08-20 2019-08-30
6.9
None Local Medium Not required Complete Complete Complete
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.