CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2019 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-18633 295 2019-10-30 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
2 CVE-2019-18632 295 2019-10-30 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
3 CVE-2019-18624 20 Bypass 2019-10-29 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214.
4 CVE-2019-18604 20 2019-10-29 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
5 CVE-2019-18465 306 2019-10-31 2019-11-04
6.8
None Remote Medium Not required Partial Partial Partial
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
6 CVE-2019-18464 89 Sql 2019-10-31 2019-11-06
7.5
None Remote Low Not required Partial Partial Partial
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.
7 CVE-2019-18425 269 +Priv 2019-10-31 2019-11-14
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
8 CVE-2019-18424 78 +Priv 2019-10-31 2019-11-14
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
9 CVE-2019-18423 193 DoS 2019-10-31 2020-08-24
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.
10 CVE-2019-18422 732 DoS +Priv 2019-10-31 2019-11-17
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
11 CVE-2019-18421 362 +Priv 2019-10-31 2019-11-14
7.1
None Remote High ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.
12 CVE-2019-18420 134 DoS 2019-10-31 2020-08-24
6.3
None Remote Medium ??? None None Complete
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
13 CVE-2019-18418 384 2019-10-24 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
14 CVE-2019-18417 434 Exec Code 2019-10-24 2019-10-28
6.5
None Remote Low ??? Partial Partial Partial
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
15 CVE-2019-18414 352 CSRF 2019-10-24 2019-10-28
6.8
None Remote Medium Not required Partial Partial Partial
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.
16 CVE-2019-18413 79 Sql XSS Bypass 2019-10-24 2021-12-07
7.5
None Remote Low Not required Partial Partial Partial
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.
17 CVE-2019-18396 78 Exec Code 2019-10-31 2020-02-10
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
18 CVE-2019-18394 918 2019-10-24 2020-08-07
7.5
None Remote Low Not required Partial Partial Partial
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
19 CVE-2019-18387 89 Exec Code Sql 2019-10-23 2019-10-28
7.5
None Remote Low Not required Partial Partial Partial
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
20 CVE-2019-18370 20 2019-10-23 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
21 CVE-2019-18368 2019-10-31 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
22 CVE-2019-18364 502 Exec Code 2019-10-31 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
23 CVE-2019-18355 918 2019-10-23 2019-10-30
7.5
None Remote Low Not required Partial Partial Partial
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
24 CVE-2019-18344 89 Exec Code Sql 2019-10-23 2020-09-03
7.5
None Remote Low Not required Partial Partial Partial
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).
25 CVE-2019-18280 352 CSRF 2019-10-23 2020-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI.
26 CVE-2019-18226 294 2019-10-31 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
27 CVE-2019-18225 Bypass 2019-10-21 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
28 CVE-2019-18224 787 Overflow 2019-10-21 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
29 CVE-2019-18220 352 CSRF 2019-10-23 2019-10-24
6.8
None Remote Medium Not required Partial Partial Partial
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.
30 CVE-2019-18218 787 Overflow 2019-10-21 2021-09-14
7.5
None Remote Low Not required Partial Partial Partial
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
31 CVE-2019-18216 20 2019-10-20 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this an unspecified later time.
32 CVE-2019-18214 772 DoS 2019-10-19 2019-10-22
6.8
None Remote Low ??? None None Complete
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
33 CVE-2019-18213 91 2019-10-23 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.
34 CVE-2019-18206 352 CSRF 2019-10-30 2019-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
35 CVE-2019-18204 434 Exec Code 2019-10-30 2019-11-01
6.5
None Remote Low ??? Partial Partial Partial
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
36 CVE-2019-18200 2019-10-24 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.
37 CVE-2019-18199 294 2019-10-24 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.
38 CVE-2019-18198 772 2019-10-18 2019-10-31
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
39 CVE-2019-18196 426 Exec Code 2019-10-24 2019-11-18
6.9
None Local Medium Not required Complete Complete Complete
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.
40 CVE-2019-18195 2019-10-28 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
41 CVE-2019-18189 22 Dir. Trav. Bypass 2019-10-28 2019-11-05
10.0
None Remote Low Not required Complete Complete Complete
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
42 CVE-2019-17676 352 CSRF 2019-10-17 2019-10-21
6.8
None Remote Medium Not required Partial Partial Partial
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
43 CVE-2019-17675 352 CSRF 2019-10-17 2019-11-05
6.8
None Remote Medium Not required Partial Partial Partial
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
44 CVE-2019-17670 918 2019-10-17 2020-09-11
7.5
None Remote Low Not required Partial Partial Partial
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
45 CVE-2019-17669 918 2019-10-17 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
46 CVE-2019-17666 120 Overflow 2019-10-17 2019-10-24
8.3
None Local Network Low Not required Complete Complete Complete
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
47 CVE-2019-17631 269 2019-10-17 2020-10-16
6.4
None Remote Low Not required None Partial Partial
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
48 CVE-2019-17626 91 Exec Code 2019-10-16 2020-07-27
7.5
None Remote Low Not required Partial Partial Partial
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
49 CVE-2019-17625 79 Exec Code XSS 2019-10-16 2019-10-16
8.5
None Remote Medium ??? Complete Complete Complete
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
50 CVE-2019-17613 94 Exec Code CSRF 2019-10-15 2019-10-18
7.5
None Remote Low Not required Partial Partial Partial
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter.
Total number of vulnerabilities : 606   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.