Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

6744 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-11847 1 Qualcomm 33 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 30 more 2019-02-21 7.2
Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...
CVE-2018-20752 2019-02-21 7.5
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when...
CVE-2019-8308 2 Debian, Redhat 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-02-21 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2018-15460 1 Cisco 1 Email Security Appliances Firmware 2019-02-21 7.8
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial...
CVE-2018-1945 2019-02-21 5.8
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could...
CVE-2019-5916 1 D-circle 1 Power Egg 2019-02-21 7.5
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and...
CVE-2019-3464 2 Pizzashack, Debian 2 Rssh, Debian Linux 2019-02-21 7.5
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
CVE-2018-12549 1 Eclipse 1 Openj9 2019-02-21 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2019-8954 1 Indexhibit 1 Indexhibit 2019-02-21 6.5
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.
CVE-2019-7323 2019-02-20 5.1
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on...
CVE-2019-0106 2019-02-20 4.6
Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2018-1294 1 Apache 1 Commons Email 2019-02-20 5.0
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated....
CVE-2019-1000014 1 Erlang 1 Rebar3 2019-02-20 6.8
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via...
CVE-2016-1712 1 Paloaltonetworks 1 Pan-os 2019-02-20 7.2
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
CVE-2019-5769 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 6.8
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-0395 1 Cisco 2 Fxos, Nx-os 2019-02-20 2.9
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device...
CVE-2018-6909 1 Rainmachine 1 Rainmachine Web Application 2019-02-20 4.3
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.
CVE-2018-16636 1 Nucleuscms 1 Nucleus Cms 2019-02-20 4.0
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
CVE-2019-0112 2019-02-20 2.1
Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access.
CVE-2019-1656 1 Cisco 1 Enterprise Nfv Infrastructure Software 2019-02-20 4.6
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to...