CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-12881 DoS 2019-06-18 2019-06-18
0.0
None ??? ??? ??? ??? ??? ???
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
2 CVE-2019-12875 2019-06-18 2019-06-18
0.0
None ??? ??? ??? ??? ??? ???
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
3 CVE-2019-12874 2019-06-18 2019-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
4 CVE-2019-12872 89 Sql 2019-06-18 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
5 CVE-2019-12868 502 Exec Code 2019-06-17 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
6 CVE-2019-12865 415 2019-06-17 2019-06-18
4.3
None Remote Medium Not required None None Partial
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
7 CVE-2019-12855 295 2019-06-16 2019-06-17
5.8
None Remote Medium Not required Partial Partial None
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
8 CVE-2019-12840 77 Exec Code 2019-06-15 2019-06-18
9.0
None Remote Low Single system Complete Complete Complete
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
9 CVE-2019-12839 77 Exec Code 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
10 CVE-2019-12835 787 2019-06-15 2019-06-17
7.5
None Remote Low Not required Partial Partial Partial
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
11 CVE-2019-12831 20 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
12 CVE-2019-12830 XSS 2019-06-15 2019-06-17
0.0
None ??? ??? ??? ??? ??? ???
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
13 CVE-2019-12829 119 DoS Overflow 2019-06-15 2019-06-17
5.0
None Remote Low Not required None None Partial
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.
14 CVE-2019-12828 Exec Code 2019-06-14 2019-06-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
15 CVE-2019-12823 79 XSS 2019-06-18 2019-06-18
4.3
None Remote Medium Not required None Partial None
Craft CMS 3.1.30 has XSS.
16 CVE-2019-12822 119 Overflow 2019-06-14 2019-06-17
5.0
None Remote Low Not required None None Partial
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
17 CVE-2019-12819 416 DoS 2019-06-13 2019-06-18
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.
18 CVE-2019-12818 476 DoS 2019-06-13 2019-06-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.
19 CVE-2019-12816 264 Exec Code 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
20 CVE-2019-12813 2019-06-13 2019-06-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.
21 CVE-2019-12802 119 DoS Overflow 2019-06-13 2019-06-17
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).
22 CVE-2019-12801 79 XSS 2019-06-17 2019-06-18
4.3
None Remote Medium Not required None Partial None
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
23 CVE-2019-12799 502 Exec Code Bypass 2019-06-13 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch.
24 CVE-2019-12798 185 Overflow 2019-06-13 2019-06-17
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.
25 CVE-2019-12795 285 2019-06-11 2019-06-13
4.6
None Local Low Not required Partial Partial Partial
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
26 CVE-2019-12794 255 2019-06-11 2019-06-11
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.
27 CVE-2019-12790 125 DoS 2019-06-10 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.
28 CVE-2019-12789 +Priv 2019-06-17 2019-06-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device.
29 CVE-2019-12788 119 Overflow 2019-06-10 2019-06-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
30 CVE-2019-12787 91 2019-06-10 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.
31 CVE-2019-12786 77 2019-06-10 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.
32 CVE-2019-12780 77 Exec Code 2019-06-10 2019-06-17
7.5
None Remote Low Not required Partial Partial Partial
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
33 CVE-2019-12779 59 2019-06-07 2019-06-10
6.6
None Local Low Not required None Complete Complete
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
34 CVE-2019-12777 275 2019-06-07 2019-06-10
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories.
35 CVE-2019-12776 798 2019-06-07 2019-06-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
36 CVE-2019-12775 284 2019-06-07 2019-06-10
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.)
37 CVE-2019-12774 79 XSS 2019-06-07 2019-06-10
4.3
None Remote Medium Not required None Partial None
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor.
38 CVE-2019-12771 77 2019-06-07 2019-06-10
7.5
None Remote Low Not required Partial Partial Partial
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.
39 CVE-2019-12766 79 XSS 2019-06-11 2019-06-12
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
40 CVE-2019-12765 74 2019-06-11 2019-06-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
41 CVE-2019-12764 284 2019-06-11 2019-06-12
4.0
None Remote Low Single system None Partial None
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
42 CVE-2019-12763 200 +Info 2019-06-07 2019-06-10
5.0
None Remote Low Not required Partial None None
The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.
43 CVE-2019-12762 264 2019-06-06 2019-06-10
1.9
None Local Medium Not required None Partial None
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
44 CVE-2019-12761 91 2019-06-06 2019-06-16
5.1
None Remote High Not required Partial Partial Partial
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
45 CVE-2019-12760 502 Exec Code 2019-06-06 2019-06-07
6.0
None Remote Medium Single system Partial Partial Partial
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution.
46 CVE-2019-12749 287 Bypass 2019-06-11 2019-06-14
3.6
None Local Low Not required Partial Partial None
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
47 CVE-2019-12742 287 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
48 CVE-2019-12741 79 XSS +Info 2019-06-05 2019-06-06
4.3
None Remote Medium Not required None Partial None
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)
49 CVE-2019-12739 78 Exec Code 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
50 CVE-2019-12735 78 Exec Code 2019-06-05 2019-06-13
9.3
None Remote Medium Not required Complete Complete Complete
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Total number of vulnerabilities : 795   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.