CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019 (CVSS score >= 8)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-18425 269 +Priv 2019-10-31 2019-11-14
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
2 CVE-2019-18423 193 DoS 2019-10-31 2020-08-24
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check the guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but causes p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.
3 CVE-2019-18422 732 DoS +Priv 2019-10-31 2019-11-17
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
4 CVE-2019-18396 78 Exec Code 2019-10-31 2020-02-10
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127.
5 CVE-2019-18200 2019-10-24 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.
6 CVE-2019-18189 22 Dir. Trav. Bypass 2019-10-28 2019-11-05
10.0
None Remote Low Not required Complete Complete Complete
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
7 CVE-2019-17666 120 Overflow 2019-10-17 2019-10-24
8.3
None Local Network Low Not required Complete Complete Complete
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
8 CVE-2019-17625 79 Exec Code XSS 2019-10-16 2019-10-16
8.5
None Remote Medium ??? Complete Complete Complete
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
9 CVE-2019-17600 352 2019-10-15 2019-11-16
10.0
None Remote Low Not required Complete Complete Complete
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
10 CVE-2019-17526 94 Exec Code 2019-10-18 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained.
11 CVE-2019-17510 78 Exec Code 2019-10-11 2019-10-15
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
12 CVE-2019-17509 78 Exec Code 2019-10-11 2019-10-15
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.
13 CVE-2019-17508 78 2019-10-11 2019-10-16
10.0
None Remote Low Not required Complete Complete Complete
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
14 CVE-2019-17506 306 2019-10-11 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
15 CVE-2019-17501 78 Exec Code 2019-10-14 2019-12-18
9.0
None Remote Low ??? Complete Complete Complete
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same.
16 CVE-2019-17499 78 Exec Code 2019-10-11 2019-10-17
9.0
None Remote Low ??? Complete Complete Complete
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.
17 CVE-2019-17269 78 Exec Code 2019-10-07 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.
18 CVE-2019-17186 20 Exec Code 2019-10-08 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.
19 CVE-2019-17181 120 Overflow 2019-10-28 2019-11-01
10.0
None Remote Low Not required Complete Complete Complete
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.
20 CVE-2019-17124 276 2019-10-09 2019-10-15
10.0
None Remote Low Not required Complete Complete Complete
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
21 CVE-2019-17059 78 Exec Code 2019-10-11 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
22 CVE-2019-16985 22 Dir. Trav. 2019-10-21 2019-10-23
8.5
None Remote Low ??? None Complete Complete
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.
23 CVE-2019-16965 78 Exec Code 2019-10-21 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
24 CVE-2019-16964 78 Exec Code 2019-10-21 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.
25 CVE-2019-16663 78 Exec Code 2019-10-28 2019-10-29
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
26 CVE-2019-16662 78 Exec Code 2019-10-28 2019-10-29
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
27 CVE-2019-16647 428 2019-10-29 2019-11-05
9.0
None Remote Low ??? Complete Complete Complete
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
28 CVE-2019-16530 434 Exec Code 2019-10-21 2019-10-22
9.0
None Remote Low ??? Complete Complete Complete
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
29 CVE-2019-16508 190 Overflow +Priv 2019-10-01 2019-10-08
9.3
None Remote Medium Not required Complete Complete Complete
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.
30 CVE-2019-15940 306 2019-10-01 2019-10-04
10.0
None Remote Low Not required Complete Complete Complete
Victure PC530 devices allow unauthenticated TELNET access as root.
31 CVE-2019-15901 269 2019-10-18 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids.
32 CVE-2019-15900 1187 Exec Code 2019-10-18 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.
33 CVE-2019-15859 200 +Info 2019-10-09 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
34 CVE-2019-15850 862 Exec Code 2019-10-17 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system.
35 CVE-2019-15751 434 Exec Code 2019-10-07 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.
36 CVE-2019-15746 94 Exec Code 2019-10-07 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
37 CVE-2019-15710 78 Exec Code 2019-10-31 2019-11-06
9.0
None Remote Low ??? Complete Complete Complete
An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.
38 CVE-2019-15260 DoS +Priv 2019-10-16 2021-11-02
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.
39 CVE-2019-15066 Exec Code 2019-10-17 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary commands through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
40 CVE-2019-15051 77 2019-10-10 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
41 CVE-2019-15036 78 Exec Code 2019-10-02 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
42 CVE-2019-15014 78 Exec Code 2019-10-09 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.
43 CVE-2019-14931 78 Exec Code 2019-10-28 2019-10-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
44 CVE-2019-14930 798 +Priv 2019-10-28 2019-10-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
45 CVE-2019-14657 22 Exec Code Dir. Trav. 2019-10-08 2019-10-18
9.0
None Remote Low ??? Complete Complete Complete
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
46 CVE-2019-14656 434 2019-10-08 2019-10-17
9.0
None Remote Low ??? Complete Complete Complete
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.
47 CVE-2019-14451 434 Exec Code 2019-10-25 2019-10-28
10.0
None Remote Low Not required Complete Complete Complete
RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.
48 CVE-2019-14450 22 Exec Code Dir. Trav. 2019-10-28 2019-10-31
10.0
None Remote Low Not required Complete Complete Complete
A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.
49 CVE-2019-14423 94 Exec Code 2019-10-17 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
50 CVE-2019-14287 755 Bypass 2019-10-17 2021-09-15
9.0
None Remote Low ??? Complete Complete Complete
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Total number of vulnerabilities: 103 (page 1 of 3)