Vulnerabilities (CVE)

CWE filter: CWE-20

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17420 2 Oisf, Suricata-ids 2 Libhtp, Suricata 2019-10-16 5.0
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-9535 1 Iterm2 1 Iterm2 2019-10-16 10.0
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5....
CVE-2019-6333 1 Hp 1 Touchpoint Analytics 2019-10-16 7.2
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP...
CVE-2019-10969 1 Moxa 1 Edr-810 Firmware 2019-10-16 6.5
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
CVE-2019-17426 1 Mongoosejs 1 Mongoose 2019-10-16 6.4
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter....
CVE-2016-6087 1 Ibm 1 Domino 2019-10-16 5.0
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
CVE-2019-1230 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 4.0
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.
CVE-2019-17507 1 Dlink 1 Dir-816 A1 Firmware 2019-10-15 5.0
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp,...
CVE-2019-3980 1 Solarwinds 1 Dameware Mini Remote Control Firmware 2019-10-15 10.0
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login...
CVE-2019-5700 1 Nvidia 1 Shield Experience 2019-10-15 7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges,...
CVE-2019-13120 1 Amazon 1 Freertos 2019-10-15 5.0
Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for...
CVE-2019-1342 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.
CVE-2019-1368 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 2.1
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
CVE-2019-16943 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-10-12 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy...
CVE-2019-15166 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVE-2018-10105 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
CVE-2018-10103 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
CVE-2019-1333 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2019-10-11 6.8
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-15019 1 Zingbox 1 Inspector 2019-10-11 7.5
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.