CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2351 CVE-2019-8669 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
2352 CVE-2019-8637 20 +Priv 2019-12-18 2019-12-19
9.3
None Remote Medium Not required Complete Complete Complete
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges.
2353 CVE-2019-8629 665 Exec Code 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
2354 CVE-2019-8605 416 Exec Code 2019-12-18 2019-12-20
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
2355 CVE-2019-8593 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.
2356 CVE-2019-8590 Exec Code 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.
2357 CVE-2019-8574 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.
2358 CVE-2019-8555 119 Exec Code Overflow 2019-12-18 2019-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.
2359 CVE-2019-8549 20 Exec Code 2019-12-18 2019-12-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.
2360 CVE-2019-8544 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
2361 CVE-2019-8539 Exec Code 2020-10-27 2020-10-30
9.3
None Remote Medium Not required Complete Complete Complete
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges.
2362 CVE-2019-8536 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
2363 CVE-2019-8535 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
2364 CVE-2019-8527 120 Overflow 2019-12-18 2019-12-30
9.4
None Remote Low Not required None Complete Complete
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
2365 CVE-2019-8523 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
2366 CVE-2019-8518 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
2367 CVE-2019-8506 843 Exec Code 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
2368 CVE-2019-8503 20 2019-12-18 2019-12-31
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.
2369 CVE-2019-8371 94 Exec Code 2019-09-16 2019-09-16
9.0
None Remote Low ??? Complete Complete Complete
OpenEMR v5.0.1-6 allows code execution.
2370 CVE-2019-8319 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field.
2371 CVE-2019-8318 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field.
2372 CVE-2019-8317 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field.
2373 CVE-2019-8316 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field.
2374 CVE-2019-8315 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field.
2375 CVE-2019-8314 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field.
2376 CVE-2019-8313 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field.
2377 CVE-2019-8312 78 Exec Code 2019-02-13 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field.
2378 CVE-2019-8285 787 Exec Code Overflow 2019-05-08 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allows arbitrary code execution.
2379 CVE-2019-8255 77 Exec Code 2019-12-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
2380 CVE-2019-8254 787 Exec Code Mem. Corr. 2019-12-19 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2381 CVE-2019-8253 787 Exec Code Mem. Corr. 2019-12-19 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2382 CVE-2019-8248 787 Exec Code Mem. Corr. 2019-11-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2383 CVE-2019-8247 787 Exec Code Mem. Corr. 2019-11-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2384 CVE-2019-8246 787 Exec Code 2019-11-14 2019-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
2385 CVE-2019-8237 326 Bypass 2019-10-23 2020-07-06
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead to security feature bypass.
2386 CVE-2019-8196 476 Exec Code 2019-10-17 2019-11-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
2387 CVE-2019-8195 476 Exec Code 2019-10-17 2019-11-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
2388 CVE-2019-8186 787 Exec Code 2019-10-17 2019-10-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
2389 CVE-2019-8183 787 Exec Code Overflow 2019-10-17 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
2390 CVE-2019-8159 78 Exec Code 2019-11-06 2019-11-07
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection.
2391 CVE-2019-8074 22 Dir. Trav. Bypass 2019-09-27 2020-09-04
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
2392 CVE-2019-8073 77 Exec Code 2019-09-27 2020-09-04
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
2393 CVE-2019-8070 416 Exec Code 2019-09-12 2019-11-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
2394 CVE-2019-8069 346 Exec Code 2019-09-12 2019-11-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
2395 CVE-2019-8060 77 Exec Code 2019-08-20 2020-07-06
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
2396 CVE-2019-8049 787 Exec Code Overflow 2019-08-20 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
2397 CVE-2019-8001 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
2398 CVE-2019-7998 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
2399 CVE-2019-7997 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
2400 CVE-2019-7994 787 Exec Code 2019-08-26 2019-08-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.