CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2019-10202 502 2019-10-01 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
852 CVE-2019-10079 770 2019-10-22 2022-01-01
5.0
None Remote Low Not required None None Partial
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
853 CVE-2019-9926 352 Exec Code CSRF 2019-10-29 2019-11-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.
854 CVE-2019-9758 79 XSS 2019-10-29 2019-11-01
3.5
None Remote Medium ??? None Partial None
An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation.
855 CVE-2019-9757 611 2019-10-29 2019-11-01
5.0
None Remote Low Not required Partial None None
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.
856 CVE-2019-9745 269 2019-10-14 2019-10-21
7.2
None Local Low Not required Complete Complete Complete
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user.
857 CVE-2019-9699 200 +Info 2019-10-24 2021-07-21
2.7
None Local Network Low ??? Partial None None
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
858 CVE-2019-9597 352 CSRF 2019-10-23 2019-10-28
4.3
None Remote Medium Not required None Partial None
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.
859 CVE-2019-9596 352 CSRF 2019-10-23 2019-10-28
4.3
None Remote Medium Not required None Partial None
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.
860 CVE-2019-9535 74 Exec Code 2019-10-09 2021-10-26
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.
861 CVE-2019-9534 434 2019-10-10 2019-10-16
7.2
None Local Low Not required Complete Complete Complete
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.
862 CVE-2019-9533 798 2019-10-10 2020-10-16
10.0
None Remote Low Not required Complete Complete Complete
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
863 CVE-2019-9532 319 2019-10-10 2019-10-17
2.1
None Local Low Not required Partial None None
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
864 CVE-2019-9531 287 Exec Code 2019-10-10 2019-10-17
10.0
None Remote Low Not required Complete Complete Complete
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.
865 CVE-2019-9530 2019-10-10 2021-10-26
4.9
None Local Low Not required Complete None None
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
866 CVE-2019-9529 306 2019-10-10 2019-10-21
4.9
None Local Low Not required None Complete None
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.
867 CVE-2019-9491 427 Exec Code 2019-10-21 2022-01-01
5.1
None Remote High Not required Partial Partial Partial
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
868 CVE-2019-8462 755 2019-10-02 2019-10-09
5.0
None Remote Low Not required None None Partial
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.
869 CVE-2019-8292 306 2019-10-01 2019-12-23
6.4
None Remote Low Not required None Partial Partial
Online Store System v1.0 delete_product.php doesn't check to see if a user is authenticated or has administrative rights, allowing arbitrary product deletion.
870 CVE-2019-8291 22 Dir. Trav. 2019-10-01 2019-10-07
6.4
None Remote Low Not required None Partial Partial
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
871 CVE-2019-8290 79 XSS Bypass 2019-10-01 2019-10-04
4.3
None Remote Medium Not required None Partial None
Vulnerability in Online Store v1.0: the registration form requirements for the member email format can be bypassed by posting directly to sent_register.php, allowing special characters to be included and an XSS payload to be injected.
872 CVE-2019-8289 79 XSS 2019-10-01 2019-10-04
3.5
None Remote Medium ??? None Partial None
Vulnerability in Online Store v1.0: stored XSS in the admin/user_view.php adidas_member_email variable.
873 CVE-2019-8288 79 XSS 2019-10-01 2019-10-04
3.5
None Remote Medium ??? None Partial None
Vulnerability in Online Store v1.0: stored XSS in user_view.php, where the adidas_member_user variable is not sanitized.
874 CVE-2019-8287 120 Exec Code Overflow 2019-10-29 2020-12-09
7.5
None Remote Low Not required Partial Partial Partial
TightVNC code version 1.3.10 contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.
875 CVE-2019-8238 22 Dir. Trav. 2019-10-23 2019-10-28
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
876 CVE-2019-8237 327 Bypass 2019-10-23 2021-11-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead to security feature bypass.
877 CVE-2019-8236 Bypass 2019-10-23 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
878 CVE-2019-8235 639 2019-10-30 2020-08-24
4.0
None Remote Low ??? Partial None None
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.
879 CVE-2019-8234 352 CSRF 2019-10-25 2019-10-28
4.3
None Remote Medium Not required Partial None None
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
880 CVE-2019-8226 2019-10-17 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. Successful exploitation could lead to information disclosure.
881 CVE-2019-8225 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
882 CVE-2019-8224 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
883 CVE-2019-8223 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
884 CVE-2019-8222 125 2019-10-17 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
885 CVE-2019-8221 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
886 CVE-2019-8220 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
887 CVE-2019-8219 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
888 CVE-2019-8218 125 2019-10-17 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
889 CVE-2019-8217 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
890 CVE-2019-8216 125 2019-10-17 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
891 CVE-2019-8215 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
892 CVE-2019-8214 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
893 CVE-2019-8213 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
894 CVE-2019-8212 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
895 CVE-2019-8211 416 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
896 CVE-2019-8210 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
897 CVE-2019-8209 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
898 CVE-2019-8208 416 Exec Code 2019-10-17 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
899 CVE-2019-8207 125 2019-10-17 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
900 CVE-2019-8206 787 Exec Code 2019-10-17 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Total number of vulnerabilities: 1567 (page 18 of 32)