CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2019-12868 502 Exec Code 2019-06-17 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
202 CVE-2019-12851 352 CSRF 2019-07-03 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
203 CVE-2019-12839 77 Exec Code 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
204 CVE-2019-12836 352 2019-06-21 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover.
205 CVE-2019-12831 20 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
206 CVE-2019-12828 19 Exec Code 2019-06-14 2019-06-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
207 CVE-2019-12826 352 Exec Code CSRF 2019-07-01 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.
208 CVE-2019-12817 119 Overflow 2019-06-25 2019-06-28
6.9
None Local Medium Not required Complete Complete Complete
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
209 CVE-2019-12816 264 Exec Code 2019-06-15 2019-06-20
6.5
None Remote Low Single system Partial Partial Partial
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
210 CVE-2019-12807 119 Exec Code Overflow 2019-08-13 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
211 CVE-2019-12806 119 Exec Code Overflow 2019-08-13 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.
212 CVE-2019-12802 119 DoS Overflow 2019-06-13 2019-07-16
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).
213 CVE-2019-12799 502 Exec Code Bypass 2019-06-13 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch.
214 CVE-2019-12794 255 2019-06-11 2019-06-11
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.
215 CVE-2019-12790 125 DoS 2019-06-10 2019-07-16
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.
216 CVE-2019-12788 119 Overflow 2019-06-10 2019-06-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
217 CVE-2019-12787 91 2019-06-10 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.
218 CVE-2019-12786 77 2019-06-10 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.
219 CVE-2019-12779 59 2019-06-07 2019-07-19
6.6
None Local Low Not required None Complete Complete
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
220 CVE-2019-12760 502 Exec Code 2019-06-06 2019-07-05
6.0
None Remote Medium Single system Partial Partial Partial
** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."
221 CVE-2019-12744 77 Exec Code 2019-06-20 2019-06-24
6.0
None Remote Medium Single system Partial Partial Partial
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
222 CVE-2019-12742 287 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
223 CVE-2019-12739 78 Exec Code 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
224 CVE-2019-12728 669 2019-06-04 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
225 CVE-2019-12591 77 2019-06-03 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.
226 CVE-2019-12583 264 DoS 2019-06-27 2019-06-28
6.4
None Remote Low Not required None Partial Partial
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
227 CVE-2019-12573 59 DoS 2019-07-11 2019-07-16
6.6
None Local Low Not required None Complete Complete
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher binary is setuid root. This binary supports the --log option, which accepts a path as an argument. This parameter is not sanitized, which allows a local unprivileged user to overwrite arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user.
228 CVE-2019-12571 59 DoS 2019-07-11 2019-07-16
6.6
None Local Low Not required None Complete Complete
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists, it will be truncated and the contents completely overwritten. This file is removed on disconnect. An unprivileged user can create a hard or soft link to arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user.
229 CVE-2019-12570 89 Exec Code Sql 2019-07-03 2019-07-05
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.
230 CVE-2019-12548 94 Exec Code 2019-06-03 2019-06-04
6.5
None Remote Low Single system Partial Partial Partial
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
231 CVE-2019-12527 119 Overflow 2019-07-11 2019-07-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
232 CVE-2019-12483 119 Overflow 2019-05-30 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
233 CVE-2019-12466 352 CSRF 2019-07-10 2019-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Wikimedia MediaWiki through 1.32.1 allows CSRF.
234 CVE-2019-12448 362 2019-05-29 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
235 CVE-2019-12374 89 Sql 2019-06-03 2019-06-04
6.8
None Remote Medium Not required Partial Partial Partial
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.
236 CVE-2019-12363 352 CSRF 2019-07-11 2019-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.
237 CVE-2019-12303 77 Exec Code 2019-06-06 2019-06-10
6.5
None Remote Low Single system Partial Partial Partial
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.
238 CVE-2019-12293 125 2019-05-23 2019-06-06
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
239 CVE-2019-12291 284 2019-06-06 2019-06-10
6.4
None Remote Low Not required None Partial Partial
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
240 CVE-2019-12280 427 2019-06-25 2019-06-26
6.8
None Remote Medium Not required Partial Partial Partial
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
241 CVE-2019-12270 275 2019-05-21 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation.
242 CVE-2019-12263 119 Overflow 2019-08-09 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
243 CVE-2019-12251 89 Sql 2019-05-21 2019-05-21
6.5
None Remote Low Single system Partial Partial Partial
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
244 CVE-2019-12239 89 Sql CSRF 2019-05-20 2019-08-03
6.5
None Remote Low Single system Partial Partial Partial
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
245 CVE-2019-12219 415 2019-05-20 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
246 CVE-2019-12181 264 2019-06-17 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
247 CVE-2019-12173 20 Exec Code 2019-05-17 2019-05-20
6.8
None Remote Medium Not required Partial Partial Partial
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
248 CVE-2019-12172 20 Exec Code 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
249 CVE-2019-12169 434 Exec Code Dir. Trav. 2019-06-03 2019-08-05
6.8
None Remote Medium Not required Partial Partial Partial
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.
250 CVE-2019-12154 611 DoS 2019-06-11 2019-06-13
6.4
None Remote Low Not required Partial None Partial
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.