CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2019-11362 89 Sql 2019-04-20 2019-04-22
7.5
None Remote Low Not required Partial Partial Partial
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.
302 CVE-2019-11356 119 Exec Code Overflow 2019-06-03 2019-06-10
7.5
None Remote Low Not required Partial Partial Partial
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
303 CVE-2019-11344 434 Exec Code 2019-04-19 2019-04-22
7.5
None Remote Low Not required Partial Partial Partial
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
304 CVE-2019-11322 77 Exec Code 2019-04-18 2019-04-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
305 CVE-2019-11320 264 2019-04-18 2019-04-19
7.5
None Remote Low Not required Partial Partial Partial
In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.
306 CVE-2019-11319 77 Exec Code 2019-04-18 2019-04-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
307 CVE-2019-11272 255 2019-06-26 2019-06-27
7.5
None Remote Low Not required Partial Partial Partial
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
308 CVE-2019-11235 345 2019-04-22 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
309 CVE-2019-11234 287 2019-04-22 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
310 CVE-2019-11229 20 Exec Code 2019-04-15 2019-04-16
7.5
None Remote Low Not required Partial Partial Partial
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
311 CVE-2019-11223 434 Exec Code 2019-04-18 2019-08-01
7.5
None Remote Low Not required Partial Partial Partial
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
312 CVE-2019-11217 77 Exec Code 2019-04-24 2019-04-25
7.5
None Remote Low Not required Partial Partial Partial
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.
313 CVE-2019-11202 255 2019-07-30 2019-08-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.
314 CVE-2019-11185 434 2019-06-03 2019-06-04
7.5
None Remote Low Not required Partial Partial Partial
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.
315 CVE-2019-11119 20 2019-06-13 2019-06-24
7.5
None Remote Low Not required Partial Partial Partial
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
316 CVE-2019-11076 77 2019-04-23 2019-04-29
7.5
None Remote Low Not required Partial Partial Partial
Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.
317 CVE-2019-11072 190 DoS Overflow 2019-04-10 2019-04-23
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit."
318 CVE-2019-11068 284 Bypass 2019-04-10 2019-06-13
7.5
None Remote Low Not required Partial Partial Partial
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
319 CVE-2019-11066 918 2019-05-10 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.
320 CVE-2019-11059 119 Overflow 2019-05-10 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
321 CVE-2019-11037 787 2019-05-03 2019-05-16
7.5
None Remote Low Not required Partial Partial Partial
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.
322 CVE-2019-11011 502 Exec Code 2019-06-21 2019-06-23
7.5
None Remote Low Not required Partial Partial Partial
Akamai CloudTest before 58.30 allows remote code execution.
323 CVE-2019-11005 119 DoS Overflow 2019-04-08 2019-05-01
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
324 CVE-2019-10997 119 Overflow 2019-06-17 2019-06-20
7.1
None Remote Medium Not required None None Complete
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.
325 CVE-2019-10993 476 Exec Code 2019-06-28 2019-07-02
7.5
None Remote Low Not required Partial Partial Partial
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
326 CVE-2019-10991 119 Exec Code Overflow 2019-06-28 2019-07-02
7.5
None Remote Low Not required Partial Partial Partial
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
327 CVE-2019-10989 119 Exec Code Overflow 2019-06-28 2019-07-02
7.5
None Remote Low Not required Partial Partial Partial
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991.
328 CVE-2019-10979 798 2019-07-01 2019-08-01
7.5
None Remote Low Not required Partial Partial Partial
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
329 CVE-2019-10977 400 2019-05-23 2019-05-28
7.8
None Remote Low Not required None None Complete
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.
330 CVE-2019-10972 400 2019-07-25 2019-08-05
7.1
None Remote Medium Not required None None Complete
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.
331 CVE-2019-10959 434 2019-06-13 2019-06-20
7.5
None Remote Low Not required Partial Partial Partial
BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.
332 CVE-2019-10954 119 Overflow 2019-05-01 2019-05-03
7.8
None Remote Low Not required None None Complete
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier.
333 CVE-2019-10952 119 Exec Code Overflow 2019-05-01 2019-05-03
7.5
None Remote Low Not required Partial Partial Partial
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier systems.
334 CVE-2019-10948 400 Overflow 2019-04-30 2019-05-03
7.8
None Remote Low Not required None None Complete
Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted.
335 CVE-2019-10945 22 Dir. Trav. 2019-04-10 2019-04-17
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
336 CVE-2019-10938 284 Exec Code 2019-08-02 2019-08-14
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device.
337 CVE-2019-10922 284 Exec Code 2019-05-14 2019-05-21
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
338 CVE-2019-10919 284 2019-05-14 2019-05-30
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability has been identified in LOGO!8 BM (All versions). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
339 CVE-2019-10914 119 Overflow XSS 2019-04-08 2019-04-10
7.5
None Remote Low Not required Partial Partial Partial
pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure TLS Toolkit, through 4.0.2 Open has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
340 CVE-2019-10913 89 Sql XSS 2019-05-16 2019-05-17
7.5
None Remote Low Not required Partial Partial Partial
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.
341 CVE-2019-10910 89 Exec Code Sql 2019-05-16 2019-05-17
7.5
None Remote Low Not required Partial Partial Partial
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
342 CVE-2019-10908 310 2019-04-07 2019-04-09
7.5
None Remote Low Not required Partial Partial Partial
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.
343 CVE-2019-10879 190 Exec Code Overflow 2019-04-05 2019-05-07
7.5
None Remote Low Not required Partial Partial Partial
In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.
344 CVE-2019-10878 787 Exec Code 2019-04-05 2019-05-07
7.5
None Remote Low Not required Partial Partial Partial
In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.
345 CVE-2019-10877 190 Overflow 2019-04-05 2019-05-07
7.5
None Remote Low Not required Partial Partial Partial
In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.
346 CVE-2019-10866 89 Sql 2019-05-23 2019-08-03
7.5
None Remote Low Not required Partial Partial Partial
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
347 CVE-2019-10844 20 2019-04-04 2019-04-05
7.5
None Remote Low Not required Partial Partial Partial
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.
348 CVE-2019-10744 20 2019-07-25 2019-08-05
7.5
None Remote Low Not required Partial Partial Partial
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
349 CVE-2019-10712 798 2019-05-07 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
350 CVE-2019-10708 89 Sql 2019-04-02 2019-04-03
7.5
None Remote Low Not required Partial Partial Partial
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
Total number of vulnerabilities : 26542   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.