CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1601 CVE-2019-5974 352 CSRF 2019-07-05 2019-07-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1602 CVE-2019-5973 352 CSRF 2019-07-05 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1603 CVE-2019-5971 352 CSRF 2019-07-05 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1604 CVE-2019-5968 352 CSRF 2019-07-05 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'.
1605 CVE-2019-5963 352 CSRF 2019-07-05 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1606 CVE-2019-5960 352 CSRF 2019-07-05 2019-07-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1607 CVE-2019-5958 426 +Priv 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1608 CVE-2019-5957 426 +Priv 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1609 CVE-2019-5954 284 Bypass +Info 2019-05-17 2019-05-20
6.4
None Remote Low Not required Partial Partial None
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.
1610 CVE-2019-5934 89 Exec Code Sql 2019-05-17 2019-05-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
1611 CVE-2019-5924 352 CSRF 2019-03-12 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
1612 CVE-2019-5887 22 Dir. Trav. 2019-01-10 2019-01-18
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.
1613 CVE-2019-5883 284 2019-05-17 2019-05-20
6.4
None Remote Low Not required Partial Partial None
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.
1614 CVE-2019-5836 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1615 CVE-2019-5831 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1616 CVE-2019-5829 416 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
1617 CVE-2019-5828 416 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
1618 CVE-2019-5827 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1619 CVE-2019-5824 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1620 CVE-2019-5822 284 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
1621 CVE-2019-5821 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
1622 CVE-2019-5820 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
1623 CVE-2019-5817 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1624 CVE-2019-5816 664 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
1625 CVE-2019-5813 416 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1626 CVE-2019-5811 19 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
1627 CVE-2019-5809 416 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
1628 CVE-2019-5808 416 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1629 CVE-2019-5807 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1630 CVE-2019-5806 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1631 CVE-2019-5795 190 Overflow 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
1632 CVE-2019-5792 190 Overflow 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
1633 CVE-2019-5791 125 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
1634 CVE-2019-5790 190 Exec Code Overflow 2019-05-23 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1635 CVE-2019-5782 20 Exec Code 2019-02-19 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1636 CVE-2019-5774 20 Exec Code 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
1637 CVE-2019-5772 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
1638 CVE-2019-5771 119 Exec Code Overflow 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
1639 CVE-2019-5770 125 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
1640 CVE-2019-5769 20 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1641 CVE-2019-5764 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1642 CVE-2019-5763 20 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1643 CVE-2019-5762 119 Exec Code Overflow 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
1644 CVE-2019-5761 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1645 CVE-2019-5760 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1646 CVE-2019-5759 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
1647 CVE-2019-5758 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1648 CVE-2019-5757 704 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
1649 CVE-2019-5756 416 Exec Code 2019-02-19 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
1650 CVE-2019-5674 264 DoS Exec Code 2019-03-28 2019-04-18
6.9
None Local Medium Not required Complete Complete Complete
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.