CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2019-10269 119 Overflow 2019-03-29 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
252 CVE-2019-10267 434 Exec Code 2019-07-26 2019-07-31
9.0
None Remote Low Single system Complete Complete Complete
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
253 CVE-2019-10164 119 Exec Code Overflow 2019-06-26 2019-07-21
9.0
None Remote Low Single system Complete Complete Complete
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
254 CVE-2019-10125 94 2019-03-27 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
255 CVE-2019-10048 78 Exec Code 2019-05-31 2019-06-03
9.0
None Remote Low Single system Complete Complete Complete
The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration.
256 CVE-2019-9949 59 Exec Code 2019-05-23 2019-05-28
9.0
None Remote Low Single system Complete Complete Complete
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
257 CVE-2019-9933 119 Overflow 2019-08-28 2019-09-03
10.0
None Remote Low Not required Complete Complete Complete
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
258 CVE-2019-9932 119 Overflow 2019-08-28 2019-09-03
10.0
None Remote Low Not required Complete Complete Complete
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
259 CVE-2019-9930 190 Overflow 2019-08-28 2019-08-29
10.0
None Remote Low Not required Complete Complete Complete
Various Lexmark products have an Integer Overflow.
260 CVE-2019-9929 275 2019-06-06 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.
261 CVE-2019-9891 264 Exec Code 2019-05-31 2019-06-04
10.0
None Remote Low Not required Complete Complete Complete
The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.
262 CVE-2019-9884 264 Bypass 2019-07-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
263 CVE-2019-9871 264 Exec Code 2019-05-31 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission.
264 CVE-2019-9863 326 2019-03-27 2019-03-28
10.0
None Remote Low Not required Complete Complete Complete
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
265 CVE-2019-9743 77 2019-03-26 2019-04-05
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
266 CVE-2019-9653 77 Exec Code 2019-05-31 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
267 CVE-2019-9505 20 Exec Code 2019-05-08 2019-05-10
10.0
None Remote Low Not required Complete Complete Complete
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.
268 CVE-2019-9486 284 Exec Code 2019-04-30 2019-05-03
9.0
None Remote Low Single system Complete Complete Complete
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0.
269 CVE-2019-9193 78 Exec Code 2019-04-01 2019-10-10
9.0
None Remote Low Single system Complete Complete Complete
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for "COPY TO/FROM PROGRAM" is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the "COPY FROM PROGRAM".
270 CVE-2019-9189 434 Exec Code 2019-06-05 2019-07-31
9.0
None Remote Low Single system Complete Complete Complete
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.
271 CVE-2019-9161 77 Exec Code 2019-04-18 2019-04-19
10.0
None Remote Low Not required Complete Complete Complete
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)
272 CVE-2019-9160 798 2019-04-18 2019-04-19
10.0
None Remote Low Not required Complete Complete Complete
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).
273 CVE-2019-8985 119 DoS Exec Code Overflow 2019-02-21 2019-03-28
9.0
None Remote Low Not required Partial Partial Complete
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
274 CVE-2019-8371 94 Exec Code 2019-09-16 2019-09-16
9.0
None Remote Low Single system Complete Complete Complete
OpenEMR v5.0.1-6 allows code execution.
275 CVE-2019-8285 119 Exec Code Overflow 2019-05-08 2019-05-10
9.0
None Remote Low Single system Complete Complete Complete
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allows arbitrary code execution.
276 CVE-2019-8074 22 Dir. Trav. Bypass 2019-09-27 2019-10-01
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
277 CVE-2019-8073 74 Exec Code 2019-09-27 2019-10-01
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
278 CVE-2019-8070 416 Exec Code 2019-09-12 2019-09-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
279 CVE-2019-8069 346 Exec Code 2019-09-12 2019-09-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
280 CVE-2019-8060 77 Exec Code 2019-08-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
281 CVE-2019-8049 119 Exec Code Overflow 2019-08-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
282 CVE-2019-8001 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
283 CVE-2019-7998 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
284 CVE-2019-7997 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
285 CVE-2019-7994 787 Exec Code 2019-08-26 2019-08-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
286 CVE-2019-7993 119 Exec Code Overflow 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
287 CVE-2019-7992 787 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
288 CVE-2019-7990 119 Exec Code Overflow 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
289 CVE-2019-7976 787 Exec Code 2019-08-26 2019-08-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
290 CVE-2019-7975 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
291 CVE-2019-7974 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
292 CVE-2019-7973 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
293 CVE-2019-7972 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
294 CVE-2019-7971 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
295 CVE-2019-7970 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
296 CVE-2019-7969 704 Exec Code 2019-08-26 2019-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
297 CVE-2019-7968 77 Exec Code 2019-08-26 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
298 CVE-2019-7964 287 Exec Code Bypass 2019-08-16 2019-08-26
10.0
None Remote Low Not required Complete Complete Complete
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
299 CVE-2019-7959 20 Exec Code 2019-08-16 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.
300 CVE-2019-7958 264 2019-08-16 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.