CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2019-13241 20 Dir. Trav. 2019-07-04 2019-07-15
6.8
None Remote Medium Not required Partial Partial Partial
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
152 CVE-2019-13229 59 2019-07-04 2019-08-14
6.6
None Local Low Not required None Complete Complete
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
153 CVE-2019-13228 59 2019-07-04 2019-07-27
6.6
None Local Medium Not required Partial Complete Complete
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.
154 CVE-2019-13227 59 2019-07-04 2019-07-27
6.6
None Local Low Not required None Complete Complete
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
155 CVE-2019-13226 59 2019-07-04 2019-07-27
6.9
None Local Medium Not required Complete Complete Complete
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.
156 CVE-2019-13183 352 CSRF 2019-07-07 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
157 CVE-2019-13178 362 2019-07-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
158 CVE-2019-13173 20 2019-07-02 2019-08-12
6.4
None Remote Low Not required None Partial Partial
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
159 CVE-2019-13155 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
160 CVE-2019-13154 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
161 CVE-2019-13153 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
162 CVE-2019-13152 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
163 CVE-2019-13151 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.
164 CVE-2019-13150 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.
165 CVE-2019-13149 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
166 CVE-2019-13148 77 2019-07-02 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.
167 CVE-2019-13142 264 2019-07-09 2019-07-15
6.6
None Local Low Not required None Complete Complete
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege.
168 CVE-2019-13136 190 Overflow 2019-07-01 2019-07-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
169 CVE-2019-13135 20 2019-07-01 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
170 CVE-2019-13125 264 2019-07-01 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.
171 CVE-2019-13105 415 2019-08-06 2019-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
172 CVE-2019-13104 119 Overflow 2019-08-06 2019-08-13
6.8
None Remote Medium Not required Partial Partial Partial
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
173 CVE-2019-13103 399 2019-07-29 2019-08-06
6.4
None Remote Low Not required None Partial Partial
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
174 CVE-2019-13085 787 2019-06-30 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
175 CVE-2019-13084 787 2019-06-30 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
176 CVE-2019-13083 787 2019-06-30 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
177 CVE-2019-13071 352 CSRF 2019-07-10 2019-07-17
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
178 CVE-2019-13056 352 CSRF 2019-07-02 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
179 CVE-2019-13045 416 2019-06-29 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
180 CVE-2019-13031 611 2019-06-28 2019-07-05
6.8
None Remote Medium Not required Partial Partial Partial
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.
181 CVE-2019-13028 284 Exec Code 2019-06-28 2019-07-05
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
182 CVE-2019-12994 918 2019-08-08 2019-08-16
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
183 CVE-2019-12981 119 Overflow 2019-06-26 2019-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.
184 CVE-2019-12979 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
185 CVE-2019-12978 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
186 CVE-2019-12977 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
187 CVE-2019-12961 74 2019-06-25 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
188 CVE-2019-12959 918 2019-08-08 2019-08-16
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
189 CVE-2019-12957 125 DoS +Info 2019-06-24 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
190 CVE-2019-12948 749 DoS Exec Code 2019-07-29 2019-08-06
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
191 CVE-2019-12936 20 2019-06-23 2019-07-10
6.0
None Remote Medium Single system Partial Partial Partial
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
192 CVE-2019-12934 352 XSS CSRF 2019-07-19 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
193 CVE-2019-12926 284 2019-07-08 2019-07-16
6.5
None Remote Low Single system Partial Partial Partial
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.
194 CVE-2019-12925 22 Dir. Trav. 2019-07-08 2019-07-16
6.5
None Remote Low Single system Partial Partial Partial
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts.
195 CVE-2019-12901 264 2019-06-19 2019-06-21
6.5
None Remote Low Single system Partial Partial Partial
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.
196 CVE-2019-12887 284 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
197 CVE-2019-12872 89 Sql 2019-06-18 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
198 CVE-2019-12871 416 Exec Code 2019-06-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
199 CVE-2019-12870 824 Exec Code 2019-06-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
200 CVE-2019-12869 125 Exec Code 2019-06-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.