CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3901 CVE-2019-19590 190 DoS Exec Code Overflow 2019-12-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.
3902 CVE-2019-19580 362 +Priv 2019-12-11 2020-01-03
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
3903 CVE-2019-19545 346 2019-12-05 2019-12-13
6.5
None Remote Low ??? Partial Partial Partial
Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
3904 CVE-2019-19538 Exec Code 2020-03-16 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
3905 CVE-2019-19529 416 2019-12-03 2020-08-12
6.9
None Local Medium Not required Complete Complete Complete
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
3906 CVE-2019-19517 352 Bypass CSRF 2020-05-05 2020-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.
3907 CVE-2019-19487 78 2020-03-20 2020-03-24
6.5
None Remote Low ??? Partial Partial Partial
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.
3908 CVE-2019-19469 352 CSRF 2019-12-01 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
3909 CVE-2019-19468 434 Exec Code 2019-11-30 2019-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.
3910 CVE-2019-19460 276 +Priv 2019-12-03 2019-12-13
6.6
None Local Low Not required None Complete Complete
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
3911 CVE-2019-19449 125 2019-12-08 2020-01-03
6.8
None Remote Medium Not required Partial Partial Partial
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).
3912 CVE-2019-19448 416 2019-12-08 2020-11-02
6.8
None Remote Medium Not required Partial Partial Partial
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
3913 CVE-2019-19447 416 2019-12-08 2020-06-10
6.8
None Remote Medium Not required Partial Partial Partial
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
3914 CVE-2019-19391 843 2019-11-29 2019-12-19
6.4
None Remote Low Not required Partial Partial None
** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug library is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective.
3915 CVE-2019-19383 120 Overflow 2019-12-03 2019-12-12
6.5
None Remote Low ??? Partial Partial Partial
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
3916 CVE-2019-19378 787 2019-11-29 2020-01-03
6.8
None Remote Medium Not required Partial Partial Partial
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.
3917 CVE-2019-19377 416 2019-11-29 2020-12-11
6.8
None Remote Medium Not required Partial Partial Partial
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
3918 CVE-2019-19353 266 2021-03-24 2021-03-26
6.9
None Local Medium Not required Complete Complete Complete
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
3919 CVE-2019-19340 1188 2019-12-19 2020-12-04
6.4
None Remote Low Not required Partial None Partial
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
3920 CVE-2019-19315 732 2019-12-17 2019-12-31
6.9
None Local Medium Not required Complete Complete Complete
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.
3921 CVE-2019-19292 89 Exec Code Sql 2020-03-10 2021-04-22
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.
3922 CVE-2019-19289 352 CSRF 2020-12-14 2020-12-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.
3923 CVE-2019-19286 89 Sql 2020-12-14 2020-12-15
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages.
3924 CVE-2019-19261 918 2020-01-03 2020-01-09
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
3925 CVE-2019-19235 20 Exec Code 2019-12-18 2019-12-27
6.9
None Local Medium Not required Complete Complete Complete
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.
3926 CVE-2019-19215 120 Overflow 2020-04-30 2020-05-26
6.0
None Remote Medium ??? Partial Partial Partial
A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.
3927 CVE-2019-19207 89 Sql 2019-11-21 2019-11-26
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
3928 CVE-2019-19202 276 2019-11-21 2019-12-04
6.5
None Remote Low ??? Partial Partial Partial
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
3929 CVE-2019-19200 863 2020-10-06 2020-10-07
6.5
None Remote Low ??? Partial Partial Partial
REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users.
3930 CVE-2019-19195 DoS 2020-02-10 2020-02-13
6.1
None Local Network Low Not required None None Complete
The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
3931 CVE-2019-19193 DoS 2020-02-10 2020-02-14
6.1
None Local Network Low Not required None None Complete
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
3932 CVE-2019-19165 494 Exec Code 2020-04-29 2020-05-11
6.5
None Remote Low ??? Partial Partial Partial
AxECM.cab (ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the ActiveX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD (AxECM.cab) allows an attacker to cause a file download to the Windows user's folder and execute it. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD (AxECM.cab) version 1.0.5.0 and later versions on Windows 7/8/10.
3933 CVE-2019-19164 20 Exec Code 2020-05-07 2020-05-21
6.8
None Remote Medium Not required Partial Partial Partial
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
3934 CVE-2019-19162 416 Exec Code 2020-05-11 2020-05-14
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.
3935 CVE-2019-19161 426 2020-06-30 2020-07-07
6.5
None Remote Low ??? Partial Partial Partial
CyMiInstaller322 ActiveX, which runs MIPLATFORM, downloads files required to run applications. A vulnerability in file downloading by CyMiInstaller322 ActiveX allows an attacker to cause randomly generated DLL files to be downloaded and MIPLATFORM to load those DLLs, due to insufficient verification.
3936 CVE-2019-19160 345 Exec Code 2020-06-29 2020-07-07
6.5
None Remote Low ??? Partial Partial Partial
Reportexpress ProPlus contains a vulnerability that could allow arbitrary code execution by inserting VBScript into the configuration file (rxp).
3937 CVE-2019-19141 434 Exec Code Dir. Trav. 2019-12-19 2020-01-08
6.5
None Remote Low ??? Partial Partial Partial
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.
3938 CVE-2019-19127 319 Bypass 2020-03-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.
3939 CVE-2019-19115 427 Exec Code 2020-10-08 2020-10-29
6.9
None Local Medium Not required Complete Complete Complete
An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.
3940 CVE-2019-19109 352 CSRF 2020-06-15 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
3941 CVE-2019-19106 269 2020-04-22 2020-04-30
6.4
None Remote Low Not required Partial Partial None
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
3942 CVE-2019-19094 89 Sql 2020-04-02 2020-04-03
6.5
None Remote Low ??? Partial Partial Partial
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to perform SQL injection attacks against the backend database.
3943 CVE-2019-19093 521 2020-04-02 2020-04-03
6.4
None Remote Low Not required Partial Partial None
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
3944 CVE-2019-19046 401 DoS 2019-11-18 2020-08-24
6.8
None Remote Low ??? None None Complete
** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.
3945 CVE-2019-19034 78 Exec Code 2020-03-23 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.
3946 CVE-2019-19029 89 Sql 2020-03-20 2021-05-21
6.5
None Remote Low ??? Partial Partial Partial
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
3947 CVE-2019-19025 352 CSRF 2020-03-20 2021-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
3948 CVE-2019-19023 2020-03-20 2021-05-19
6.5
None Remote Low ??? Partial Partial Partial
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
3949 CVE-2019-19013 352 CSRF 2019-11-22 2019-11-27
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
3950 CVE-2019-19005 415 2021-02-11 2021-02-17
6.8
None Remote Medium Not required Partial Partial Partial
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.