CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (CVSS score between 6 and 6.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4451 | CVE-2019-13726 | 119 | | Exec Code Overflow | 2019-12-10 | 2019-12-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| 4452 | CVE-2019-13725 | 416 | | Exec Code | 2019-12-10 | 2019-12-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| 4453 | CVE-2019-13724 | 787 | | Mem. Corr. | 2019-11-25 | 2019-11-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| 4454 | CVE-2019-13723 | 787 | | | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| 4455 | CVE-2019-13721 | 787 | | | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4456 | CVE-2019-13720 | 787 | | | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4457 | CVE-2019-13706 | 787 | | Mem. Corr. | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| 4458 | CVE-2019-13702 | 269 | | | 2019-11-25 | 2020-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. |
| 4459 | CVE-2019-13700 | 787 | | Mem. Corr. | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| 4460 | CVE-2019-13699 | 416 | | | 2019-11-25 | 2020-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| 4461 | CVE-2019-13698 | 787 | | Mem. Corr. | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4462 | CVE-2019-13696 | 416 | | | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4463 | CVE-2019-13695 | 416 | | | 2019-11-25 | 2019-11-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4464 | CVE-2019-13694 | 416 | | | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4465 | CVE-2019-13693 | 416 | | Exec Code | 2019-11-25 | 2019-11-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. |
| 4466 | CVE-2019-13692 | 20 | | Bypass | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
| 4467 | CVE-2019-13688 | 416 | | | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4468 | CVE-2019-13687 | 416 | | | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4469 | CVE-2019-13686 | 416 | | | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4470 | CVE-2019-13685 | 416 | | | 2019-11-25 | 2019-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4471 | CVE-2019-13682 | 281 | | Bypass | 2019-11-25 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| 4472 | CVE-2019-13657 | 798 | | Exec Code | 2019-10-17 | 2019-10-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. |
| 4473 | CVE-2019-13635 | 22 | | Dir. Trav. | 2019-07-30 | 2019-08-13 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. |
| 4474 | CVE-2019-13623 | 22 | | Exec Code Dir. Trav. | 2019-07-17 | 2019-11-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. |
| 4475 | CVE-2019-13611 | 352 | | | 2019-07-16 | 2019-07-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. |
| 4476 | CVE-2019-13605 | 639 | | Bypass | 2019-07-16 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360. |
| 4477 | CVE-2019-13602 | 191 | | DoS Overflow | 2019-07-14 | 2019-07-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. |
| 4478 | CVE-2019-13594 | 352 | | CSRF | 2019-07-14 | 2019-07-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. |
| 4479 | CVE-2019-13574 | 78 | | Exec Code | 2019-07-12 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '\|' character followed by a command. |
| 4480 | CVE-2019-13570 | 89 | | Sql | 2019-07-23 | 2019-07-31 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. |
| 4481 | CVE-2019-13568 | 787 | | Overflow | 2019-07-31 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. |
| 4482 | CVE-2019-13567 | 78 | | Exec Code | 2019-07-12 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData. |
| 4483 | CVE-2019-13563 | 352 | | CSRF | 2019-07-11 | 2021-04-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. |
| 4484 | CVE-2019-13556 | 787 | | Exec Code Overflow | 2019-09-18 | 2020-10-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. |
| 4485 | CVE-2019-13554 | | | | 2020-04-07 | 2020-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service. |
| 4486 | CVE-2019-13552 | 78 | | Exec Code | 2019-09-18 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. |
| 4487 | CVE-2019-13545 | 787 | | Exec Code | 2019-10-18 | 2019-10-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. |
| 4488 | CVE-2019-13544 | 787 | | Exec Code | 2019-09-11 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. |
| 4489 | CVE-2019-13541 | 787 | | Exec Code | 2019-10-18 | 2020-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. |
| 4490 | CVE-2019-13540 | 787 | | Exec Code Overflow | 2019-09-11 | 2020-10-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. |
| 4491 | CVE-2019-13538 | 79 | | Exec Code XSS | 2019-09-17 | 2021-06-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. |
| 4492 | CVE-2019-13536 | 120 | | Exec Code Overflow | 2019-09-11 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. |
| 4493 | CVE-2019-13534 | 494 | | Exec Code | 2019-09-12 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
| 4494 | CVE-2019-13533 | 294 | | | 2019-12-16 | 2020-01-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. |
| 4495 | CVE-2019-13530 | 798 | | | 2019-09-12 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. |
| 4496 | CVE-2019-13529 | 352 | | | 2019-10-09 | 2019-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. |
| 4497 | CVE-2019-13527 | 824 | | | 2019-09-24 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. |
| 4498 | CVE-2019-13526 | 287 | | Exec Code Bypass | 2019-08-30 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. |
| 4499 | CVE-2019-13522 | 787 | | Exec Code | 2019-09-04 | 2020-10-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. |
| 4500 | CVE-2019-13521 | | | | 2020-01-27 | 2020-02-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. |