CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3801 CVE-2019-20613 89 Sql 2020-03-24 2020-03-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019).
3802 CVE-2019-20597 200 +Info 2020-03-24 2020-03-26
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019).
3803 CVE-2019-20596 2020-03-24 2020-08-24
6.4
None Remote Low Not required Partial None Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).
3804 CVE-2019-20568 416 2020-03-24 2020-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019).
3805 CVE-2019-20492 Bypass 2020-03-17 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
3806 CVE-2019-20490 Bypass 2020-03-17 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
3807 CVE-2019-20487 352 CSRF 2020-03-02 2020-03-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.
3808 CVE-2019-20480 352 CSRF 2020-02-24 2020-02-28
6.8
None Remote Medium Not required Partial Partial Partial
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
3809 CVE-2019-20453 502 Exec Code 2020-03-17 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
3810 CVE-2019-20452 502 Exec Code 2020-03-17 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
3811 CVE-2019-20445 444 2020-01-29 2021-04-26
6.4
None Remote Low Not required Partial Partial None
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
3812 CVE-2019-20444 444 2020-01-29 2021-04-26
6.4
None Remote Low Not required Partial Partial None
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
3813 CVE-2019-20433 125 2020-01-27 2020-01-31
6.4
None Remote Low Not required Partial None Partial
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
3814 CVE-2019-20397 415 Exec Code 2020-01-22 2020-01-23
6.8
None Remote Medium Not required Partial Partial Partial
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
3815 CVE-2019-20394 415 Exec Code 2020-01-22 2020-01-23
6.8
None Remote Medium Not required Partial Partial Partial
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
3816 CVE-2019-20393 415 Exec Code 2020-01-22 2020-01-23
6.8
None Remote Medium Not required Partial Partial Partial
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
3817 CVE-2019-20385 434 Exec Code 2020-01-21 2020-01-29
6.5
None Remote Low ??? Partial Partial Partial
The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI.
3818 CVE-2019-20374 79 Exec Code XSS 2020-01-09 2020-01-17
6.8
None Remote Medium Not required Partial Partial Partial
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.
3819 CVE-2019-20367 125 2020-01-08 2021-04-01
6.4
None Remote Low Not required Partial None Partial
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
3820 CVE-2019-20337 89 Sql 2020-01-05 2020-01-09
6.5
None Remote Low ??? Partial Partial Partial
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
3821 CVE-2019-20326 787 Exec Code Overflow 2020-03-16 2020-11-09
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
3822 CVE-2019-20219 125 2020-01-02 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
3823 CVE-2019-20209 79 XSS 2020-01-13 2020-01-14
6.4
None Remote Low Not required None Partial Partial
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
3824 CVE-2019-20205 190 Overflow 2020-01-02 2020-01-06
6.8
None Remote Medium Not required Partial Partial Partial
libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.
3825 CVE-2019-20184 1236 2020-01-09 2020-11-17
6.8
None Remote Medium Not required Partial Partial Partial
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
3826 CVE-2019-20183 434 Exec Code 2020-01-09 2020-01-24
6.5
None Remote Low ??? Partial Partial Partial
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
3827 CVE-2019-20180 1236 2020-01-09 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users.
3828 CVE-2019-20179 89 Sql 2020-01-09 2020-01-15
6.5
None Remote Low ??? Partial Partial Partial
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
3829 CVE-2019-20140 787 Overflow 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.
3830 CVE-2019-20107 89 Exec Code Sql 2020-03-05 2020-03-07
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account that can execute this attack can be created by anyone in the default configuration.
3831 CVE-2019-20097 Exec Code 2020-01-15 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.
3832 CVE-2019-20094 787 Overflow 2019-12-30 2020-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.
3833 CVE-2019-20090 416 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
3834 CVE-2019-20089 125 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.
3835 CVE-2019-20088 125 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c.
3836 CVE-2019-20087 125 2019-12-30 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature.
3837 CVE-2019-20086 125 2019-12-30 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c.
3838 CVE-2019-20079 416 2019-12-30 2020-10-20
6.8
None Remote Medium Not required Partial Partial Partial
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
3839 CVE-2019-20063 665 2019-12-29 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.
3840 CVE-2019-20059 352 Sql 2020-02-10 2020-02-11
6.8
None Remote Medium Not required Partial Partial Partial
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732.
3841 CVE-2019-20055 918 2019-12-29 2020-01-02
6.4
None Remote Low Not required Partial Partial None
LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets.
3842 CVE-2019-20031 307 2020-07-29 2020-08-03
6.4
None Remote Low Not required Partial Partial None
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
3843 CVE-2019-20029 269 2020-07-29 2020-08-03
6.5
None Remote Low ??? Partial Partial Partial
An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.
3844 CVE-2019-20014 415 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
3845 CVE-2019-20011 125 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
3846 CVE-2019-20010 416 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
3847 CVE-2019-20002 94 2020-04-27 2020-05-06
6.0
None Remote Medium ??? Partial Partial Partial
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
3848 CVE-2019-19999 918 2019-12-26 2020-01-08
6.5
None Remote Low ??? Partial Partial Partial
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
3849 CVE-2019-19988 787 2020-02-26 2020-02-27
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content.
3850 CVE-2019-19984 863 2019-12-26 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.