Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

2092 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-12652 1 Libpng 1 Libpng 2019-09-17 7.5
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVE-2019-16314 1 Indexhibit 1 Indexhibit 2019-09-16 7.5
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVE-2018-7081 1 Arubanetworks 1 Arubaos 2019-09-16 9.3
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and...
CVE-2019-16288 1 Tenda 1 N301 Firmware 2019-09-16 7.8
On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash.
CVE-2018-17200 1 Apache 1 Ofbiz 2019-09-13 7.5
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it...
CVE-2019-10918 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc %28tia Portal%29 and 1 more 2019-09-13 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-10916 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc %28tia Portal%29 and 1 more 2019-09-13 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-10074 1 Apache 1 Ofbiz 2019-09-13 7.5
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding...
CVE-2019-10399 1 Jenkins 1 Script Security 2019-09-13 7.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-10400 1 Jenkins 1 Script Security 2019-09-13 7.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in...
CVE-2019-1306 1 Microsoft 2 Team Foundation Server, Azure Devops Server 2019-09-13 7.5
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
CVE-2019-1280 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-09-12 9.3
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka...
CVE-2019-1290 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-09-12 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787,...
CVE-2019-1291 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-09-12 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787,...
CVE-2019-0787 1 Microsoft 4 Windows 10, Windows 7, Windows 8.1 and 1 more 2019-09-12 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788,...
CVE-2019-0788 1 Microsoft 3 Windows 10, Windows 8.1, Windows Rt 8.1 2019-09-12 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787,...
CVE-2019-10665 1 Librenms 1 Librenms 2019-09-10 7.5
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied...
CVE-2019-5611 1 Freebsd 1 Freebsd 2019-09-10 7.8
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of...
CVE-2019-16142 2019-09-09 7.5
An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.
CVE-2019-16143 2019-09-09 7.5
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.