Vulnerabilities (CVE)

CWE filter: CWE-20

7489 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14809 2 Golang, Debian 2 Go, Debian Linux 2019-08-24 7.5
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is...
CVE-2017-18580 2019-08-23 7.5
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
CVE-2019-4402 1 Ibm 1 Api Connect 2019-08-23 5.0
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.
CVE-2019-4049 2019-08-23 2.1
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
CVE-2016-0785 1 Apache 1 Struts 2019-08-23 9.0
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
CVE-2016-10899 1 Fabrix 1 Total Security 2019-08-22 5.0
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.
CVE-2019-2137 1 Google 1 Android 2019-08-22 4.9
In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is...
CVE-2019-1223 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-08-22 5.0
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
CVE-2019-10927 1 Siemens 5 Scalance Xb-200 Firmware, Scalance Xc-200 Firmware, Scalance Xf-200ba Firmware and 2 more 2019-08-22 4.0
A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to port...
CVE-2019-10942 1 Siemens 3 Scalance X-200 Firmware, Scalance X-200irt Firmware, Scalance X-200rna Firmware 2019-08-22 5.0
A vulnerability has been identified in SCALANCE X-200 (All versions), SCALANCE X-200IRT (All versions), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by...
CVE-2019-14379 3 Fasterxml, Netapp, Debian 4 Jackson-databind, Oncommand Workflow Automation, Snapcenter and 1 more 2019-08-22 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.
CVE-2019-1010204 1 Gnu 1 Binutils 2019-08-22 4.3
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497,...
CVE-2019-2822 1 Oracle 1 Mysql 2019-08-22 5.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network...
CVE-2017-18509 2 Debian, Linux 2 Debian Linux, Linux Kernel 2019-08-21 7.2
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute...
CVE-2019-14985 1 Eq-3 2 Homematic Ccu2 Firmware, Homematic Ccu3 Firmware 2019-08-21 7.5
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.
CVE-2019-7959 1 Adobe 1 Creative Cloud 2019-08-21 10.0
Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2017-18545 2019-08-21 5.0
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
CVE-2018-20973 2019-08-21 7.5
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
CVE-2019-14940 1 Spdk 1 Storage Performance Development Kit 2019-08-21 4.0
In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.
CVE-2013-7338 2 Python, Apple 2 Mac Os X, Python 2019-08-21 7.1
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...