CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2019-10863 77 Exec Code 2019-04-04 2019-04-23
6.5
None Remote Low Single system Partial Partial Partial
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
152 CVE-2019-10852 89 Sql 2019-05-23 2019-05-24
6.5
None Remote Low Single system Partial Partial Partial
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
153 CVE-2019-10847 352 CSRF 2019-05-24 2019-05-28
6.8
None Remote Medium Not required Partial Partial Partial
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
154 CVE-2019-10663 89 Sql 2019-03-30 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
155 CVE-2019-10660 77 Exec Code 2019-03-30 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
156 CVE-2019-10659 77 Exec Code 2019-03-30 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
157 CVE-2019-10658 77 Exec Code 2019-03-30 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
158 CVE-2019-10652 434 2019-03-30 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
159 CVE-2019-10644 352 CSRF 2019-03-29 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.
160 CVE-2019-10642 352 CSRF 2019-04-17 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Contao 4.7 allows CSRF.
161 CVE-2019-10633 94 Exec Code 2019-04-09 2019-04-10
6.5
None Remote Low Single system Partial Partial Partial
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
162 CVE-2019-10631 77 Exec Code 2019-04-09 2019-04-10
6.5
None Remote Low Single system Partial Partial Partial
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.
163 CVE-2019-10338 352 CSRF 2019-06-11 2019-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
164 CVE-2019-10328 693 Bypass 2019-05-31 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
165 CVE-2019-10315 352 CSRF 2019-04-30 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
166 CVE-2019-10310 352 CSRF 2019-04-30 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins
167 CVE-2019-10306 254 Exec Code Bypass 2019-04-18 2019-04-24
6.5
None Remote Low Single system Partial Partial Partial
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
168 CVE-2019-10249 254 2019-05-06 2019-05-07
6.8
None Remote Medium Not required Partial Partial Partial
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
169 CVE-2019-10248 669 2019-04-22 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
170 CVE-2019-10240 310 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
171 CVE-2019-10237 352 CSRF 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
172 CVE-2019-10233 362 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
173 CVE-2019-10147 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
174 CVE-2019-10145 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
175 CVE-2019-10144 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
176 CVE-2019-10143 264 2019-05-24 2019-05-29
6.9
None Local Medium Not required Complete Complete Complete
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
177 CVE-2019-10132 264 2019-05-22 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
178 CVE-2019-10063 20 Exec Code Bypass 2019-03-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
179 CVE-2019-10060 119 Exec Code Overflow 2019-03-25 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
180 CVE-2019-10045 384 2019-05-31 2019-06-03
6.4
None Remote Low Not required Partial Partial None
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).
181 CVE-2019-10044 20 2019-03-25 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
182 CVE-2019-10012 434 Exec Code 2019-03-25 2019-04-07
6.0
None Remote Medium Single system Partial Partial Partial
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
183 CVE-2019-10008 384 2019-04-24 2019-04-25
6.5
None Remote Low Single system Partial Partial Partial
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
184 CVE-2019-9977 20 Exec Code 2019-03-24 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
185 CVE-2019-9974 285 2019-04-11 2019-04-12
6.4
None Remote Low Not required Partial None Partial
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
186 CVE-2019-9956 119 DoS Exec Code Overflow 2019-03-23 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
187 CVE-2019-9948 254 Bypass 2019-03-23 2019-05-10
6.4
None Remote Low Not required Partial Partial None
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
188 CVE-2019-9928 119 Exec Code Overflow 2019-04-24 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
189 CVE-2019-9920 264 2019-03-29 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
190 CVE-2019-9918 89 Sql 2019-03-29 2019-03-29
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
191 CVE-2019-9894 320 2019-03-21 2019-04-26
6.4
None Remote Low Not required None Partial Partial
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
192 CVE-2019-9890 275 2019-04-17 2019-04-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
193 CVE-2019-9883 352 CSRF 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
194 CVE-2019-9882 352 CSRF 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.
195 CVE-2019-9880 306 2019-06-10 2019-06-11
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
196 CVE-2019-9875 502 Exec Code CSRF 2019-05-31 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
197 CVE-2019-9865 190 DoS Exec Code Overflow 2019-05-29 2019-05-29
6.8
None Remote Medium Not required Partial Partial Partial
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
198 CVE-2019-9858 94 Exec Code 2019-05-29 2019-06-16
6.5
None Remote Low Single system Partial Partial Partial
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)
199 CVE-2019-9847 20 2019-05-09 2019-05-10
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
200 CVE-2019-9813 704 2019-04-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.