CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4901 CVE-2019-10666 94 Exec Code 2019-09-09 2019-09-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.
4902 CVE-2019-10663 89 Sql 2019-03-30 2019-04-01
6.5
None Remote Low ??? Partial Partial Partial
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
4903 CVE-2019-10660 78 Exec Code 2019-03-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
4904 CVE-2019-10659 78 Exec Code 2019-03-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
4905 CVE-2019-10658 78 Exec Code 2019-03-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
4906 CVE-2019-10652 434 2019-03-30 2019-04-01
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
4907 CVE-2019-10644 352 CSRF 2019-03-30 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.
4908 CVE-2019-10642 352 CSRF 2019-04-17 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Contao 4.7 allows CSRF.
4909 CVE-2019-10633 94 Exec Code 2019-04-09 2019-04-10
6.5
None Remote Low ??? Partial Partial Partial
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
4910 CVE-2019-10631 78 Exec Code 2019-04-09 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.
4911 CVE-2019-10471 352 CSRF 2019-10-23 2019-10-24
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
4912 CVE-2019-10468 352 CSRF 2019-10-23 2019-10-24
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
4913 CVE-2019-10464 352 CSRF 2019-10-23 2019-10-24
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.
4914 CVE-2019-10462 352 CSRF 2019-10-23 2019-10-25
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
4915 CVE-2019-10458 20 Exec Code 2019-10-16 2019-10-18
6.5
None Remote Low ??? Partial Partial Partial
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
4916 CVE-2019-10446 295 2019-10-16 2019-10-18
6.4
None Remote Low Not required Partial Partial None
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
4917 CVE-2019-10444 295 2019-10-16 2019-10-18
6.4
None Remote Low Not required Partial Partial None
Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM.
4918 CVE-2019-10437 352 CSRF 2019-10-16 2019-10-23
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
4919 CVE-2019-10431 94 Exec Code Bypass 2019-10-01 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
4920 CVE-2019-10418 Bypass 2019-09-25 2020-10-01
6.5
None Remote Low ??? Partial Partial Partial
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
4921 CVE-2019-10417 Bypass 2019-09-25 2020-10-02
6.5
None Remote Low ??? Partial Partial Partial
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
4922 CVE-2019-10392 78 2019-09-12 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
4923 CVE-2019-10390 20 Exec Code Bypass 2019-08-28 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
4924 CVE-2019-10386 352 CSRF 2019-08-07 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
4925 CVE-2019-10384 352 Bypass CSRF 2019-08-28 2019-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
4926 CVE-2019-10380 Exec Code 2019-08-07 2020-10-01
6.5
None Remote Low ??? Partial Partial Partial
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
4927 CVE-2019-10368 352 CSRF 2019-08-07 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
4928 CVE-2019-10359 352 CSRF 2019-07-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
4929 CVE-2019-10356 Exec Code Bypass 2019-07-31 2020-10-02
6.5
None Remote Low ??? Partial Partial Partial
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
4930 CVE-2019-10355 704 Exec Code Bypass 2019-07-31 2020-10-02
6.5
None Remote Low ??? Partial Partial Partial
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
4931 CVE-2019-10340 352 CSRF 2019-07-11 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
4932 CVE-2019-10338 352 CSRF 2019-06-11 2019-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
4933 CVE-2019-10328 693 Bypass 2019-05-31 2019-06-03
6.5
None Remote Low ??? Partial Partial Partial
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
4934 CVE-2019-10315 352 CSRF 2019-04-30 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
4935 CVE-2019-10310 352 CSRF 2019-04-30 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins
4936 CVE-2019-10306 Exec Code Bypass 2019-04-18 2020-10-02
6.5
None Remote Low ??? Partial Partial Partial
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
4937 CVE-2019-10264 611 2019-07-26 2019-07-31
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
4938 CVE-2019-10249 116 2019-05-06 2020-10-02
6.8
None Remote Medium Not required Partial Partial Partial
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
4939 CVE-2019-10248 669 2019-04-22 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
4940 CVE-2019-10240 310 2019-04-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
4941 CVE-2019-10237 352 CSRF 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
4942 CVE-2019-10233 203 2019-03-27 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
4943 CVE-2019-10229 613 2019-12-31 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login attempt.
4944 CVE-2019-10225 522 2021-03-19 2021-03-26
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.
4945 CVE-2019-10216 Bypass 2019-11-27 2020-09-30
6.8
None Remote Medium Not required Partial Partial Partial
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
4946 CVE-2019-10208 89 Sql 2019-10-29 2020-08-17
6.5
None Remote Low ??? Partial Partial Partial
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
4947 CVE-2019-10199 20 2019-08-14 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
4948 CVE-2019-10197 22 Dir. Trav. 2019-09-03 2020-08-18
6.4
None Remote Low Not required Partial Partial None
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
4949 CVE-2019-10193 119 Overflow 2019-07-11 2020-07-15
6.5
None Remote Low ??? Partial Partial Partial
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
4950 CVE-2019-10192 119 Overflow 2019-07-11 2020-07-15
6.5
None Remote Low ??? Partial Partial Partial
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.