CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2019-17096 78 2020-01-27 2020-01-31
9.3
None Remote Medium Not required Complete Complete Complete
An OS command injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
1802 CVE-2019-17095 78 Exec Code 2020-01-27 2020-02-01
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate an infrastructure server to trigger this vulnerability.
1803 CVE-2019-17059 78 Exec Code 2019-10-11 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
1804 CVE-2019-17046 434 Exec Code 2019-09-30 2019-10-04
9.0
None Remote Low ??? Complete Complete Complete
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.
1805 CVE-2019-17006 345 Overflow 2020-10-22 2021-02-19
10.0
None Remote Low Not required Complete Complete Complete
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
1806 CVE-2019-16965 78 Exec Code 2019-10-21 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
1807 CVE-2019-16964 78 Exec Code 2019-10-21 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.
1808 CVE-2019-16920 78 Exec Code 2019-09-27 2019-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
1809 CVE-2019-16872 2019-11-07 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).
1810 CVE-2019-16871 20 Exec Code 2019-12-19 2020-01-09
9.3
None Remote Medium Not required Complete Complete Complete
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
1811 CVE-2019-16767 2019-11-29 2020-10-16
9.0
None Remote Low ??? Complete Complete Complete
The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance (container) is launched with advanced capabilities (not launched as root)
1812 CVE-2019-16737 78 Exec Code 2019-12-13 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
1813 CVE-2019-16736 787 DoS Overflow 2019-12-13 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
1814 CVE-2019-16735 787 DoS Overflow 2019-12-13 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
1815 CVE-2019-16734 798 Exec Code 2019-12-13 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
1816 CVE-2019-16733 78 Exec Code 2019-12-13 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
1817 CVE-2019-16732 347 2019-12-13 2019-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.
1818 CVE-2019-16730 20 Exec Code 2019-12-13 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
1819 CVE-2019-16701 78 2019-09-25 2019-09-25
9.0
None Remote Low ??? Complete Complete Complete
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
1820 CVE-2019-16663 78 Exec Code 2019-10-28 2019-10-29
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
1821 CVE-2019-16662 78 Exec Code 2019-10-28 2019-10-29
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
1822 CVE-2019-16647 428 2019-10-29 2019-11-05
9.0
None Remote Low ??? Complete Complete Complete
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
1823 CVE-2019-16530 434 Exec Code 2019-10-21 2019-10-22
9.0
None Remote Low ??? Complete Complete Complete
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
1824 CVE-2019-16508 190 Overflow +Priv 2019-10-01 2019-10-08
9.3
None Remote Medium Not required Complete Complete Complete
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.
1825 CVE-2019-16464 416 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
1826 CVE-2019-16463 476 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
1827 CVE-2019-16462 Exec Code 2019-12-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.
1828 CVE-2019-16460 476 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
1829 CVE-2019-16459 416 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
1830 CVE-2019-16455 476 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
1831 CVE-2019-16454 787 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
1832 CVE-2019-16453 20 Exec Code Bypass 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
1833 CVE-2019-16452 416 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
1834 CVE-2019-16451 787 Exec Code Overflow 2019-12-19 2020-02-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
1835 CVE-2019-16450 787 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
1836 CVE-2019-16448 416 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
1837 CVE-2019-16446 476 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
1838 CVE-2019-16445 416 Exec Code 2019-12-19 2019-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
1839 CVE-2019-16405 20 Exec Code 2019-11-21 2019-12-31
9.0
None Remote Low ??? Complete Complete Complete
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
1840 CVE-2019-16284 Exec Code 2019-11-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions is available at https://support.hp.com/rs-en/document/c06456250.
1841 CVE-2019-16273 Exec Code 2020-01-06 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS.
1842 CVE-2019-16213 78 Exec Code 2020-06-25 2020-07-01
9.0
None Remote Low ??? Complete Complete Complete
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
1843 CVE-2019-16139 125 2019-09-09 2019-09-09
9.0
None Remote Low Not required Partial Partial Complete
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.
1844 CVE-2019-16103 2019-09-08 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
1845 CVE-2019-16072 78 Exec Code 2020-03-20 2020-03-24
10.0
None Remote Low Not required Complete Complete Complete
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
1846 CVE-2019-16066 434 Exec Code 2020-03-19 2020-03-23
9.0
None Remote Low ??? Complete Complete Complete
An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system.
1847 CVE-2019-16065 89 Exec Code Sql 2020-03-19 2020-03-23
9.0
None Remote Low ??? Complete Complete Complete
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
1848 CVE-2019-16057 78 2019-09-16 2019-09-16
10.0
None Remote Low Not required Complete Complete Complete
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
1849 CVE-2019-16028 287 +Priv Bypass 2020-09-23 2020-10-07
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.
1850 CVE-2019-16005 20 Exec Code 2020-01-26 2020-10-19
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.