Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

5199 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17420 2 Oisf, Suricata-ids 2 Libhtp, Suricata 2019-10-16 5.0
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-6333 1 Hp 1 Touchpoint Analytics 2019-10-16 7.2
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP...
CVE-2019-10969 1 Moxa 1 Edr-810 Firmware 2019-10-16 6.5
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
CVE-2019-17426 1 Mongoosejs 1 Mongoose 2019-10-16 6.4
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter....
CVE-2016-6087 1 Ibm 1 Domino 2019-10-16 5.0
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
CVE-2019-1230 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 4.0
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.
CVE-2019-17507 1 Dlink 1 Dir-816 A1 Firmware 2019-10-15 5.0
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp,...
CVE-2019-5700 1 Nvidia 1 Shield Experience 2019-10-15 7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges,...
CVE-2019-13120 1 Amazon 1 Freertos 2019-10-15 5.0
Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for...
CVE-2019-1342 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2019-10-11 6.8
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-17191 2019-10-11 5.0
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio...
CVE-2019-1584 1 Zingbox 1 Inspector 2019-10-11 6.8
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect...
CVE-2018-21020 2019-10-11 5.0
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVE-2019-17370 1 Otcms 1 Otcms 2019-10-11 6.5
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.
CVE-2019-17344 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
CVE-2019-17348 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
CVE-2019-12701 1 Cisco 1 Firepower Management Center 2019-10-10 5.0
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The...
CVE-2019-17340 1 Xen 1 Xen 2019-10-10 6.1
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
CVE-2019-17347 1 Xen 1 Xen 2019-10-10 4.6
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).