CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2019-10912 502 2019-05-16 2019-07-12
6.5
None Remote Low Single system Partial Partial Partial
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
252 CVE-2019-10911 287 2019-05-16 2019-05-17
6.0
None Remote Medium Single system Partial Partial Partial
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.
253 CVE-2019-10905 94 Exec Code 2019-04-06 2019-04-10
6.8
None Remote Medium Not required Partial Partial Partial
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring.
254 CVE-2019-10888 352 CSRF 2019-04-05 2019-04-06
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.
255 CVE-2019-10874 352 Exec Code CSRF 2019-04-05 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
256 CVE-2019-10872 125 2019-04-05 2019-06-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
257 CVE-2019-10869 434 Exec Code 2019-05-07 2019-05-10
6.8
None Remote Medium Not required Partial Partial Partial
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
258 CVE-2019-10867 502 2019-04-04 2019-05-03
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
259 CVE-2019-10863 77 Exec Code 2019-04-04 2019-04-23
6.5
None Remote Low Single system Partial Partial Partial
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
260 CVE-2019-10852 89 Sql 2019-05-23 2019-05-24
6.5
None Remote Low Single system Partial Partial Partial
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
261 CVE-2019-10847 352 CSRF 2019-05-24 2019-05-28
6.8
None Remote Medium Not required Partial Partial Partial
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
262 CVE-2019-10720 22 Exec Code Dir. Trav. 2019-06-21 2019-06-23
6.5
None Remote Low Single system Partial Partial Partial
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
263 CVE-2019-10719 22 Exec Code Dir. Trav. 2019-06-21 2019-06-23
6.5
None Remote Low Single system Partial Partial Partial
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
264 CVE-2019-10663 89 Sql 2019-03-30 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
265 CVE-2019-10660 77 Exec Code 2019-03-30 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
266 CVE-2019-10659 77 Exec Code 2019-03-30 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
267 CVE-2019-10658 77 Exec Code 2019-03-30 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
268 CVE-2019-10652 434 2019-03-30 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
269 CVE-2019-10644 352 CSRF 2019-03-29 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.
270 CVE-2019-10642 352 CSRF 2019-04-17 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Contao 4.7 allows CSRF.
271 CVE-2019-10633 94 Exec Code 2019-04-09 2019-04-10
6.5
None Remote Low Single system Partial Partial Partial
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
272 CVE-2019-10631 77 Exec Code 2019-04-09 2019-04-10
6.5
None Remote Low Single system Partial Partial Partial
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.
273 CVE-2019-10340 352 CSRF 2019-07-11 2019-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
274 CVE-2019-10338 352 CSRF 2019-06-11 2019-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
275 CVE-2019-10328 693 Bypass 2019-05-31 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
276 CVE-2019-10315 352 CSRF 2019-04-30 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
277 CVE-2019-10310 352 CSRF 2019-04-30 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins
278 CVE-2019-10306 254 Exec Code Bypass 2019-04-18 2019-04-24
6.5
None Remote Low Single system Partial Partial Partial
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
279 CVE-2019-10249 254 2019-05-06 2019-05-07
6.8
None Remote Medium Not required Partial Partial Partial
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
280 CVE-2019-10248 669 2019-04-22 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
281 CVE-2019-10240 310 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
282 CVE-2019-10237 352 CSRF 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
283 CVE-2019-10233 362 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
284 CVE-2019-10147 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
285 CVE-2019-10145 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
286 CVE-2019-10144 200 +Info 2019-06-03 2019-06-04
6.9
None Local Medium Not required Complete Complete Complete
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
287 CVE-2019-10143 264 +Priv 2019-05-24 2019-07-09
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
288 CVE-2019-10132 264 2019-05-22 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
289 CVE-2019-10103 20 2019-07-03 2019-07-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
290 CVE-2019-10102 20 2019-07-03 2019-07-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
291 CVE-2019-10101 310 2019-07-03 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
292 CVE-2019-10063 20 Exec Code Bypass 2019-03-26 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
293 CVE-2019-10060 119 Exec Code Overflow 2019-03-25 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
294 CVE-2019-10045 384 2019-05-31 2019-06-03
6.4
None Remote Low Not required Partial Partial None
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).
295 CVE-2019-10044 20 2019-03-25 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
296 CVE-2019-10012 434 Exec Code 2019-03-25 2019-04-07
6.0
None Remote Medium Single system Partial Partial Partial
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
297 CVE-2019-10008 384 2019-04-24 2019-04-25
6.5
None Remote Low Single system Partial Partial Partial
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
298 CVE-2019-9977 20 Exec Code 2019-03-24 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
299 CVE-2019-9974 285 2019-04-11 2019-04-12
6.4
None Remote Low Not required Partial None Partial
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
300 CVE-2019-9958 352 CSRF 2019-06-24 2019-07-03
6.8
None Remote Medium Not required Partial Partial Partial
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.