Vulnerabilities (CVE)

CWE filter: CWE-20

5134 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16398 1 Keeper 1 K5 Firmware 2019-09-19 7.2
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVE-2019-15943 2019-09-19 6.8
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a...
CVE-2015-9239 1 Ansi2html Project 1 Ansi2html 2019-09-19 5.0
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in.
CVE-2016-10520 1 Jadedown Project 1 Jadedown 2019-09-19 5.0
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in.
CVE-2016-10521 1 Jshamcrest Project 1 Jshamcrest 2019-09-19 5.0
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator.
CVE-2011-4181 1 Opensuse 1 Open Build Service 2019-09-19 5.0
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.
CVE-2019-9678 2019-09-19 5.0
Some Dahua products have a denial-of-service problem during the login process. An attacker can cause a device to crash by constructing a malicious packet. Affected products include:...
CVE-2019-15858 1 Webcraftic 1 Woody Ad Snippets 2019-09-19 6.8
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
CVE-2019-16370 1 Gradle 1 Gradle 2019-09-19 4.3
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
CVE-2018-12565 2 Debian, Linaro 2 Debian Linux, Lava 2019-09-18 6.5
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
CVE-2019-9009 2019-09-18 5.0
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash.
CVE-2019-7441 1 Woocommerce 1 Paypal Checkout Payment Gateway 2019-09-18 4.0
** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the...
CVE-2019-14979 1 Woocommerce 1 Paypal Checkout Payment Gateway 2019-09-18 5.0
** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the...
CVE-2016-10991 1 Imdb-widget Project 1 Imdb-widget 2019-09-18 5.0
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.
CVE-2019-16353 1 Geautomation 1 Proficy 2019-09-18 5.0
Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
CVE-2019-10071 1 Apache 1 Tapestry 2019-09-17 6.8
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine...
CVE-2016-10960 2019-09-17 6.5
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
CVE-2019-16237 2019-09-17 5.0
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
CVE-2019-16235 2019-09-17 5.0
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
CVE-2019-10937 2019-09-16 5.0
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the...