Vulnerabilities (CVE)

CWE filter

CWE-20

2166 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9535 1 Iterm2 1 Iterm2 2019-10-16 10.0
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5....
CVE-2019-3980 1 Solarwinds 1 Dameware Mini Remote Control Firmware 2019-10-15 10.0
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login...
CVE-2019-16943 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-10-12 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy...
CVE-2019-15166 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVE-2018-10105 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
CVE-2018-10103 1 Tcpdump 1 Tcpdump 2019-10-11 7.5
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
CVE-2019-1333 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 9.3
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
CVE-2019-15019 1 Zingbox 1 Inspector 2019-10-11 7.5
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
CVE-2019-1326 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 7.8
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
CVE-2019-17192 1 Signal 1 Signal Private Messenger 2019-10-10 7.5
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause...
CVE-2019-6015 1 Fon 4 Fon2601e-fsw-b Firmware, Fon2601e-fsw-s Firmware, Fon2601e-re Firmware and 1 more 2019-10-10 7.8
FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification...
CVE-2019-12689 1 Cisco 1 Firepower Management Center 2019-10-10 9.0
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The...
CVE-2019-17267 1 Fasterxml 1 Jackson-databind 2019-10-10 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVE-2019-10918 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc (tia Portal) and 1 more 2019-10-10 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-10916 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc (tia Portal) and 1 more 2019-10-10 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-12812 2019-10-10 7.5
MyBuilder viewer before 6.2.2019.814 allows an attacker to execute arbitrary commands via a specifically crafted configuration file. This can be leveraged for code execution.
CVE-2009-1784 1 Avg 1 Avg Anti-virus 2019-10-10 10.0
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to...
CVE-2019-9900 1 Envoyproxy 1 Envoy 2019-10-09 7.5
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching...
CVE-2019-9141 1 Imgtech 1 Zoneplayer 2019-10-09 7.5
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.
CVE-2019-7304 1 Canonical 2 Ubuntu Linux, Snapd 2019-10-09 10.0
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.