CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4501 CVE-2019-13520 787 Exec Code Overflow 2019-08-20 2020-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.
4502 CVE-2019-13519 843 2020-01-27 2020-02-03
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
4503 CVE-2019-13518 119 Exec Code Overflow 2019-09-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.
4504 CVE-2019-13517 384 2019-09-06 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.
4505 CVE-2019-13516 352 CSRF 2019-08-15 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.
4506 CVE-2019-13514 416 Exec Code 2019-08-15 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application.
4507 CVE-2019-13513 125 Exec Code 2019-08-15 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application.
4508 CVE-2019-13510 416 Exec Code 2019-08-15 2020-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.
4509 CVE-2019-13494 787 Overflow 2019-07-12 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
4510 CVE-2019-13475 88 Exec Code 2019-07-09 2019-07-16
6.8
None Remote Medium Not required Partial Partial Partial
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.
4511 CVE-2019-13462 89 Sql 2019-08-12 2019-08-15
6.4
None Remote Low Not required Partial Partial None
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
4512 CVE-2019-13423 2019-08-23 2020-10-08
6.5
None Remote Low ??? Partial Partial Partial
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time
4513 CVE-2019-13402 212 2019-07-08 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset.
4514 CVE-2019-13401 352 CSRF 2019-07-08 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/.
4515 CVE-2019-13395 352 CSRF 2020-03-13 2020-03-18
6.8
None Remote Medium Not required Partial Partial Partial
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.
4516 CVE-2019-13391 125 2019-07-07 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
4517 CVE-2019-13386 863 Exec Code 2019-07-26 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.
4518 CVE-2019-13370 352 CSRF 2019-07-06 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator.
4519 CVE-2019-13364 352 XSS CSRF 2019-09-13 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
4520 CVE-2019-13363 352 XSS CSRF 2019-09-13 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.
4521 CVE-2019-13362 787 Overflow 2019-07-06 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy.
4522 CVE-2019-13351 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
4523 CVE-2019-13347 2019-12-13 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
4524 CVE-2019-13334 787 Exec Code 2020-02-08 2020-03-11
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774.
4525 CVE-2019-13333 787 Exec Code 2020-02-08 2020-03-11
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773.
4526 CVE-2019-13332 416 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of templates in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9149.
4527 CVE-2019-13331 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8838.
4528 CVE-2019-13330 843 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742.
4529 CVE-2019-13329 843 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8695.
4530 CVE-2019-13328 416 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8913.
4531 CVE-2019-13327 416 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8888.
4532 CVE-2019-13326 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864.
4533 CVE-2019-13325 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922.
4534 CVE-2019-13324 125 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782.
4535 CVE-2019-13323 787 Exec Code 2019-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783.
4536 CVE-2019-13322 20 Exec Code 2020-02-10 2020-02-11
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483.
4537 CVE-2019-13320 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.
4538 CVE-2019-13319 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669.
4539 CVE-2019-13317 416 Exec Code 2019-10-04 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759.
4540 CVE-2019-13316 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.
4541 CVE-2019-13315 416 Exec Code 2019-10-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656.
4542 CVE-2019-13312 125 2019-07-05 2020-07-28
6.8
None Remote Medium Not required Partial Partial Partial
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
4543 CVE-2019-13308 787 Overflow 2019-07-05 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
4544 CVE-2019-13307 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
4545 CVE-2019-13306 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
4546 CVE-2019-13305 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
4547 CVE-2019-13304 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
4548 CVE-2019-13303 125 2019-07-05 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
4549 CVE-2019-13302 125 2019-07-05 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
4550 CVE-2019-13300 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.