Vulnerabilities (CVE)

CWE filter: CWE-20

7652 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16335 1 Fasterxml 1 Jackson-databind 2019-09-18 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVE-2016-10991 1 Imdb-widget Project 1 Imdb-widget 2019-09-18 5.0
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.
CVE-2019-15030 1 Linux 1 Linux Kernel 2019-09-18 3.6
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware...
CVE-2019-16353 1 Geautomation 1 Proficy 2019-09-18 5.0
Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
CVE-2019-10071 1 Apache 1 Tapestry 2019-09-17 6.8
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine...
CVE-2016-10960 2019-09-17 6.5
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
CVE-2017-12652 1 Libpng 1 Libpng 2019-09-17 7.5
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVE-2019-16237 2019-09-17 5.0
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
CVE-2019-16235 2019-09-17 5.0
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
CVE-2019-10937 2019-09-16 5.0
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the...
CVE-2016-10956 1 Mail-masta Project 1 Mail-masta 2019-09-16 5.0
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CVE-2019-16275 1 W1.fi 2 Hostapd, Wpa Supplicant 2019-09-16 3.3
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka...
CVE-2019-16294 2 Notepad Plus Plus, Scintilla 2 Notepad++, Scintilla 2019-09-16 6.8
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16314 1 Indexhibit 1 Indexhibit 2019-09-16 7.5
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVE-2018-5252 2 Imageworsener Project, Entropymine 2 Imageworsener, Imageworsener 2019-09-16 2.6
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.
CVE-2017-9093 2 Imageworsener Project, Entropymine 2 Imageworsener, Imageworsener 2019-09-16 4.3
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
CVE-2017-9094 2 Imageworsener Project, Entropymine 2 Imageworsener, Imageworsener 2019-09-16 4.3
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
CVE-2018-7081 1 Arubanetworks 1 Arubaos 2019-09-16 9.3
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and...
CVE-2019-16288 1 Tenda 1 N301 Firmware 2019-09-16 7.8
On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash.
CVE-2019-11777 1 Eclipse 1 Paho Java Client 2019-09-13 5.0
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and...