CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-10656 77 Exec Code 2019-03-30 2019-04-12
9.0
None Remote Low Single system Complete Complete Complete
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
102 CVE-2019-10479 798 2019-04-05 2019-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.
103 CVE-2019-10478 434 Exec Code 2019-04-05 2019-04-09
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.
104 CVE-2019-10269 119 Overflow 2019-03-29 2019-04-24
10.0
None Remote Low Not required Complete Complete Complete
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
105 CVE-2019-10125 94 2019-03-27 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
106 CVE-2019-10048 78 Exec Code 2019-05-31 2019-06-03
9.0
None Remote Low Single system Complete Complete Complete
The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration.
107 CVE-2019-9949 59 Exec Code 2019-05-23 2019-05-28
9.0
None Remote Low Single system Complete Complete Complete
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
108 CVE-2019-9929 275 2019-06-06 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.
109 CVE-2019-9891 264 Exec Code 2019-05-31 2019-06-04
10.0
None Remote Low Not required Complete Complete Complete
The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.
110 CVE-2019-9871 264 Exec Code 2019-05-31 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission.
111 CVE-2019-9863 326 2019-03-27 2019-03-28
10.0
None Remote Low Not required Complete Complete Complete
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
112 CVE-2019-9743 77 2019-03-26 2019-04-05
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
113 CVE-2019-9653 77 Exec Code 2019-05-31 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
114 CVE-2019-9505 20 Exec Code 2019-05-08 2019-05-10
10.0
None Remote Low Not required Complete Complete Complete
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.
115 CVE-2019-9486 284 Exec Code 2019-04-30 2019-05-03
9.0
None Remote Low Single system Complete Complete Complete
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0.
116 CVE-2019-9193 78 Exec Code 2019-04-01 2019-05-13
9.0
None Remote Low Single system Complete Complete Complete
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ?COPY TO/FROM PROGRAM? is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ?COPY FROM PROGRAM?. Furthermore, members in 'pg_read_server_files' can run commands only if either the 'pg_execute_server_program' role or superuser are granted.
117 CVE-2019-9189 434 Exec Code 2019-06-05 2019-06-05
9.0
None Remote Low Single system Complete Complete Complete
On Prima Systems FlexAir devices through 2.4.9api3, an authenticated user can upload Python (.py) scripts and execute arbitrary code with root privileges.
118 CVE-2019-9161 77 Exec Code 2019-04-18 2019-04-19
10.0
None Remote Low Not required Complete Complete Complete
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)
119 CVE-2019-9160 798 2019-04-18 2019-04-19
10.0
None Remote Low Not required Complete Complete Complete
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).
120 CVE-2019-8985 119 DoS Exec Code Overflow 2019-02-21 2019-03-28
9.0
None Remote Low Not required Partial Partial Complete
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
121 CVE-2019-8285 119 Exec Code Overflow 2019-05-08 2019-05-10
9.0
None Remote Low Single system Complete Complete Complete
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution
122 CVE-2019-7840 502 Exec Code 2019-06-12 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
123 CVE-2019-7839 77 Exec Code 2019-06-12 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
124 CVE-2019-7838 434 Exec Code Bypass 2019-06-12 2019-06-13
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
125 CVE-2019-7837 416 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
126 CVE-2019-7835 416 Exec Code 2019-05-22 2019-05-23
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
127 CVE-2019-7834 416 Exec Code 2019-05-22 2019-05-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
128 CVE-2019-7833 416 Exec Code 2019-05-22 2019-05-23
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
129 CVE-2019-7832 416 Exec Code 2019-05-22 2019-05-23
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
130 CVE-2019-7831 416 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
131 CVE-2019-7830 416 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
132 CVE-2019-7829 787 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
133 CVE-2019-7828 119 Exec Code Overflow 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
134 CVE-2019-7827 119 Exec Code Overflow 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
135 CVE-2019-7825 787 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
136 CVE-2019-7824 119 Exec Code Overflow 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.
137 CVE-2019-7822 787 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
138 CVE-2019-7820 704 Exec Code 2019-05-22 2019-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
139 CVE-2019-7818 787 Exec Code 2019-05-22 2019-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
140 CVE-2019-7817 416 Exec Code 2019-05-22 2019-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
141 CVE-2019-7816 434 Exec Code Bypass 2019-05-24 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
142 CVE-2019-7814 416 Exec Code 2019-05-22 2019-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
143 CVE-2019-7808 416 Exec Code 2019-05-22 2019-05-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
144 CVE-2019-7807 416 Exec Code 2019-05-22 2019-05-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
145 CVE-2019-7806 416 Exec Code 2019-05-22 2019-05-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
146 CVE-2019-7805 416 Exec Code 2019-05-22 2019-05-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
147 CVE-2019-7804 787 Exec Code 2019-05-22 2019-05-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
148 CVE-2019-7800 787 Exec Code 2019-05-22 2019-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
149 CVE-2019-7797 416 Exec Code 2019-05-22 2019-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
150 CVE-2019-7796 416 Exec Code 2019-05-22 2019-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.