Vulnerabilities (CVE)

CWE filter: CWE-20

2166 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12669 1 Cisco 1 Ios 2019-10-09 7.8
A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The...
CVE-2019-12663 1 Cisco 1 Ios Xe 2019-10-09 7.8
A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service...
CVE-2019-12657 1 Cisco 1 Ios Xe 2019-10-09 7.8
A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD...
CVE-2019-12653 1 Cisco 1 Ios Xe 2019-10-09 7.8
A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to...
CVE-2019-11278 1 Cloudfoundry 1 User Account And Authentication 2019-10-09 7.5
CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges,...
CVE-2019-11211 1 Tibco 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws 2019-10-09 9.0
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote...
CVE-2019-11210 1 Tibco 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws 2019-10-09 10.0
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access...
CVE-2019-10973 2019-10-09 9.0
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
CVE-2019-10400 1 Jenkins 1 Script Security 2019-10-09 7.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in...
CVE-2019-10399 1 Jenkins 1 Script Security 2019-10-09 7.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-10394 1 Jenkins 1 Script Security 2019-10-09 7.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in...
CVE-2019-10393 1 Jenkins 1 Script Security 2019-10-09 7.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-0006 1 Juniper 1 Junos 2019-10-09 7.5
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a...
CVE-2019-0002 1 Juniper 1 Junos 2019-10-09 7.5
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not...
CVE-2018-9866 1 Sonicwall 1 Global Management System 2019-10-09 7.5
A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
CVE-2018-8869 1 Lantech 1 Ids 2102 Firmware 2019-10-09 10.0
In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-8867 1 Ge 8 Pacsystems Cpu320 Firmware, Pacsystems Cru320 Firmware, Pacsystems Rsti-ep Cpe 100 Firmware and 5 more 2019-10-09 7.8
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly...
CVE-2018-8850 1 Philips 1 E-alert Firmware 2019-10-09 7.5
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of...
CVE-2018-6490 1 Hp 1 Operations Orchestration 2019-10-09 7.8
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.
CVE-2018-6334 1 Facebook 1 Hhvm 2019-10-09 7.5
Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior...