CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4651 CVE-2019-17507 20 2019-10-11 2019-10-15
5.0
None Remote Low Not required Partial None None
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.
4652 CVE-2019-17505 306 2019-10-11 2020-08-24
5.0
None Remote Low Not required Partial None None
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.
4653 CVE-2019-17503 200 +Info 2019-10-11 2019-10-16
5.0
None Remote Low Not required Partial None None
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
4654 CVE-2019-17502 476 2019-10-12 2019-10-17
5.0
None Remote Low Not required None None Partial
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.
4655 CVE-2019-17498 190 DoS Overflow 2019-10-21 2020-10-14
5.8
None Remote Medium Not required Partial None Partial
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
4656 CVE-2019-17420 20 2019-10-10 2019-10-16
5.0
None Remote Low Not required None Partial None
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
4657 CVE-2019-17414 20 DoS 2019-10-09 2019-10-17
5.0
None Remote Low Not required None None Partial
tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL.
4658 CVE-2019-17406 22 Dir. Trav. 2019-11-25 2019-12-04
5.0
None Remote Low Not required Partial None None
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743
4659 CVE-2019-17400 918 File Inclusion 2019-10-21 2019-10-23
5.0
None Remote Low Not required Partial None None
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
4660 CVE-2019-17398 532 2019-10-15 2019-10-17
5.0
None Remote Low Not required Partial None None
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.
4661 CVE-2019-17397 532 2019-10-15 2019-10-15
5.0
None Remote Low Not required Partial None None
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
4662 CVE-2019-17396 532 2019-10-15 2019-10-18
5.0
None Remote Low Not required Partial None None
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
4663 CVE-2019-17395 532 2019-10-15 2019-10-17
5.0
None Remote Low Not required Partial None None
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
4664 CVE-2019-17394 532 2019-10-15 2019-10-18
5.0
None Remote Low Not required Partial None None
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
4665 CVE-2019-17393 522 2019-10-18 2019-10-22
5.0
None Remote Low Not required Partial None None
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.
4666 CVE-2019-17360 400 DoS 2019-11-12 2019-11-18
5.0
None Remote Low Not required None None Partial
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
4667 CVE-2019-17359 770 2019-10-08 2021-01-20
5.0
None Remote Low Not required None None Partial
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
4668 CVE-2019-17358 787 Mem. Corr. 2019-12-12 2020-08-24
5.5
None Remote Low ??? None Partial Partial
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
4669 CVE-2019-17355 532 2019-10-15 2019-10-18
5.0
None Remote Low Not required Partial None None
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
4670 CVE-2019-17352 434 Bypass 2019-10-08 2019-10-15
5.0
None Remote Low Not required None Partial None
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
4671 CVE-2019-17339 2020-08-11 2020-08-14
5.8
None Remote Medium Not required Partial Partial None
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
4672 CVE-2019-17326 20 2019-10-30 2019-11-01
5.8
None Remote Medium Not required None Partial Partial
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
4673 CVE-2019-17321 200 +Info 2019-10-30 2019-11-01
5.0
None Remote Low Not required Partial None None
ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.
4674 CVE-2019-17235 200 +Info 2019-11-12 2019-11-12
5.0
None Remote Low Not required Partial None None
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.
4675 CVE-2019-17232 20 2019-10-07 2019-10-09
5.0
None Remote Low Not required None Partial None
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
4676 CVE-2019-17230 2020-04-03 2020-08-24
5.0
None Remote Low Not required None Partial None
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
4677 CVE-2019-17224 22 Dir. Trav. 2019-10-28 2019-11-05
5.0
None Remote Low Not required Partial None None
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.
4678 CVE-2019-17221 552 2019-11-05 2019-11-08
5.0
None Remote Low Not required Partial None None
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.
4679 CVE-2019-17219 306 2019-10-06 2020-08-24
5.8
None Local Network Low Not required Partial Partial Partial
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
4680 CVE-2019-17218 311 2019-10-06 2019-10-10
5.0
None Remote Low Not required Partial None None
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.
4681 CVE-2019-17215 307 2019-10-06 2020-08-24
5.0
None Remote Low Not required None Partial None
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
4682 CVE-2019-17214 79 XSS Bypass 2019-10-06 2020-08-24
5.0
None Remote Low Not required None Partial None
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
4683 CVE-2019-17210 20 2019-11-04 2019-11-13
5.0
None Remote Low Not required None None Partial
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on.
4684 CVE-2019-17199 22 Dir. Trav. 2019-10-05 2019-10-10
5.0
None Remote Low Not required Partial None None
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
4685 CVE-2019-17191 20 2019-10-05 2019-10-11
5.0
None Remote Low Not required Partial None None
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
4686 CVE-2019-17187 22 Dir. Trav. 2019-10-08 2019-10-11
5.0
None Remote Low Not required Partial None None
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
4687 CVE-2019-17185 20 2020-03-21 2020-04-26
5.0
None Remote Low Not required None None Partial
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
4688 CVE-2019-17183 772 2019-10-04 2019-10-09
5.0
None Remote Low Not required None None Partial
Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.
4689 CVE-2019-17178 772 2019-10-04 2020-10-14
5.0
None Remote Low Not required None None Partial
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
4690 CVE-2019-17177 772 2019-10-04 2020-10-14
5.0
None Remote Low Not required None None Partial
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
4691 CVE-2019-17175 22 Dir. Trav. 2019-10-04 2019-10-08
5.0
None Remote Low Not required Partial None None
joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.
4692 CVE-2019-17151 601 Exec Code 2020-01-07 2020-01-14
5.8
None Remote Medium Not required Partial Partial None
This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302.
4693 CVE-2019-17128 89 Sql 2019-10-09 2019-10-11
5.0
None Remote Low Not required Partial None None
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.
4694 CVE-2019-17123 20 2019-12-13 2019-12-30
5.0
None Remote Low Not required None Partial None
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)
4695 CVE-2019-17110 200 +Info 2019-10-03 2019-10-10
5.0
None Remote Low Not required Partial None None
A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed as metrics. By default, kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default kubectl behavior and this new feature can cause the entire secret content to end up in metric labels, thus inadvertently exposing the secret content in metrics.
4696 CVE-2019-17105 330 2019-10-08 2019-10-15
5.0
None Remote Low Not required Partial None None
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
4697 CVE-2019-17104 565 2019-10-08 2019-10-11
5.0
None Remote Low Not required Partial None None
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
4698 CVE-2019-17087 200 +Info 2019-12-11 2019-12-19
5.0
None Remote Low Not required Partial None None
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.
4699 CVE-2019-17073 22 Dir. Trav. 2019-10-01 2019-10-04
5.5
None Remote Low ??? None Partial Partial
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
4700 CVE-2019-17069 20 DoS 2019-10-01 2019-11-27
5.0
None Remote Low Not required None None Partial
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
Total number of vulnerabilities : 22711   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 (This Page)95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.