Vulnerabilities (CVE)

CWE filter: CWE-20

7789 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16943 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-10-12 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy...
CVE-2019-15166 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVE-2018-10105 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
CVE-2018-10103 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
CVE-2019-1333 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2019-10-11 6.8
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-15019 1 Zingbox 1 Inspector 2019-10-11 7.5
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
CVE-2019-17191 2019-10-11 5.0
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio...
CVE-2019-1326 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 7.8
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
CVE-2019-1584 1 Zingbox 1 Inspector 2019-10-11 6.8
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect...
CVE-2018-21020 2019-10-11 5.0
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVE-2019-17370 1 Otcms 1 Otcms 2019-10-11 6.5
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.
CVE-2019-17344 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
CVE-2019-17348 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
CVE-2019-17192 1 Signal 1 Signal Private Messenger 2019-10-10 7.5
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause...
CVE-2019-12701 1 Cisco 1 Firepower Management Center 2019-10-10 5.0
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The...
CVE-2019-6015 1 Fon 4 Fon2601e-fsw-b Firmware, Fon2601e-fsw-s Firmware, Fon2601e-re Firmware and 1 more 2019-10-10 7.8
FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification...
CVE-2019-17340 1 Xen 1 Xen 2019-10-10 6.1
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
CVE-2019-17347 1 Xen 1 Xen 2019-10-10 4.6
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
CVE-2019-15259 1 Cisco 1 Unified Contact Center Express 2019-10-10 4.3
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters...