| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1701 |
CVE-2019-13307 |
119 |
|
Overflow |
2019-07-04 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. |
|
1702 |
CVE-2019-13306 |
119 |
|
Overflow |
2019-07-04 |
2019-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. |
|
1703 |
CVE-2019-13305 |
119 |
|
Overflow |
2019-07-04 |
2019-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. |
|
1704 |
CVE-2019-13304 |
119 |
|
Overflow |
2019-07-04 |
2019-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. |
|
1705 |
CVE-2019-13303 |
125 |
|
|
2019-07-04 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. |
|
1706 |
CVE-2019-13302 |
125 |
|
|
2019-07-04 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. |
|
1707 |
CVE-2019-13301 |
399 |
|
|
2019-07-04 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. |
|
1708 |
CVE-2019-13300 |
119 |
|
Overflow |
2019-07-04 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. |
|
1709 |
CVE-2019-13299 |
125 |
|
|
2019-07-04 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. |
|
1710 |
CVE-2019-13298 |
119 |
|
Overflow |
2019-07-04 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. |
|
1711 |
CVE-2019-13297 |
125 |
|
|
2019-07-04 |
2019-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. |
|
1712 |
CVE-2019-13296 |
399 |
|
|
2019-07-04 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. |
|
1713 |
CVE-2019-13295 |
125 |
|
|
2019-07-04 |
2019-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. |
|
1714 |
CVE-2019-13294 |
284 |
|
Exec Code |
2019-07-04 |
2019-07-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. |
|
1715 |
CVE-2019-13292 |
89 |
|
Sql |
2019-07-04 |
2019-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. |
|
1716 |
CVE-2019-13291 |
119 |
|
Overflow |
2019-07-04 |
2019-07-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. |
|
1717 |
CVE-2019-13290 |
119 |
|
Exec Code Overflow |
2019-07-04 |
2019-07-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. |
|
1718 |
CVE-2019-13289 |
416 |
|
|
2019-07-04 |
2019-07-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. |
|
1719 |
CVE-2019-13288 |
400 |
|
|
2019-07-04 |
2019-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. |
|
1720 |
CVE-2019-13287 |
125 |
|
|
2019-07-04 |
2019-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. |
|
1721 |
CVE-2019-13286 |
125 |
|
|
2019-07-04 |
2019-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. |
|
1722 |
CVE-2019-13283 |
119 |
|
DoS Overflow +Info |
2019-07-04 |
2019-07-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. |
|
1723 |
CVE-2019-13282 |
125 |
|
DoS +Info |
2019-07-04 |
2019-07-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. |
|
1724 |
CVE-2019-13281 |
119 |
|
DoS Overflow +Info |
2019-07-04 |
2019-07-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. |
|
1725 |
CVE-2019-13280 |
119 |
|
Exec Code Overflow |
2019-07-09 |
2019-07-15 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled. |
|
1726 |
CVE-2019-13279 |
119 |
|
Exec Code Overflow |
2019-07-10 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. |
|
1727 |
CVE-2019-13278 |
77 |
|
|
2019-07-10 |
2019-07-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. |
|
1728 |
CVE-2019-13277 |
119 |
|
DoS Overflow |
2019-07-09 |
2019-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled. |
|
1729 |
CVE-2019-13276 |
119 |
|
Exec Code Overflow |
2019-07-10 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. |
|
1730 |
CVE-2019-13275 |
89 |
|
Sql |
2019-07-04 |
2019-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. |
|
1731 |
CVE-2019-13274 |
79 |
|
XSS |
2019-08-27 |
2019-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. |
|
1732 |
CVE-2019-13273 |
119 |
|
Overflow |
2019-08-27 |
2019-09-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. |
|
1733 |
CVE-2019-13272 |
264 |
|
|
2019-07-17 |
2019-07-25 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. |
|
1734 |
CVE-2019-13271 |
284 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) |
|
1735 |
CVE-2019-13270 |
20 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. |
|
1736 |
CVE-2019-13269 |
20 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. |
|
1737 |
CVE-2019-13268 |
20 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) |
|
1738 |
CVE-2019-13267 |
20 |
|
|
2019-08-27 |
2019-09-04 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. |
|
1739 |
CVE-2019-13266 |
20 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. |
|
1740 |
CVE-2019-13265 |
284 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) |
|
1741 |
CVE-2019-13264 |
284 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. |
|
1742 |
CVE-2019-13263 |
20 |
|
|
2019-08-27 |
2019-09-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. |
|
1743 |
CVE-2019-13262 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb. |
|
1744 |
CVE-2019-13261 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384. |
|
1745 |
CVE-2019-13260 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07. |
|
1746 |
CVE-2019-13259 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566. |
|
1747 |
CVE-2019-13258 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165. |
|
1748 |
CVE-2019-13257 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa. |
|
1749 |
CVE-2019-13256 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849. |
|
1750 |
CVE-2019-13255 |
119 |
|
Overflow |
2019-07-04 |
2019-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. |
