Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12697 1 Cisco 1 Firepower 2019-10-10 5.0
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these...
CVE-2019-12696 1 Cisco 1 Firepower 2019-10-10 5.0
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these...
CVE-2019-17267 1 Fasterxml 1 Jackson-databind 2019-10-10 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVE-2019-6568 1 Siemens 43 Simatic Cp443-1 Opc Ua, Simatic Ipc Diagmonitor, Simatic S7-1500 Software Controller and 40 more 2019-10-10 5.0
A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC...
CVE-2019-10918 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc %28tia Portal%29 and 1 more 2019-10-10 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-10917 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc %28tia Portal%29 and 1 more 2019-10-10 2.1
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-10916 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc %28tia Portal%29 and 1 more 2019-10-10 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2018-4843 1 Siemens 8 Simatic Cp 343-1 Firmware, Simatic Cp 443-1 Firmware, Simatic S7-300 Firmware and 5 more 2019-10-10 6.1
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller...
CVE-2019-12812 2019-10-10 7.5
MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.
CVE-2019-7441 1 Woocommerce 1 Paypal Checkout Payment Gateway 2019-10-10 4.0
** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the...
CVE-2019-14979 1 Woocommerce 1 Paypal Checkout Payment Gateway 2019-10-10 5.0
** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the...
CVE-2019-12102 1 Kentico 1 Kentico 2019-10-10 6.4
** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because...
CVE-2018-4833 1 Siemens 8 Rfid 181-eip Firmware, Ruggedcom Wimax Firmware, Scalance X200irt Firmware and 5 more 2019-10-10 5.8
A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200IRT (All versions < V5.4.1), SCALANCE X-200RNA (All versions < V3.2.6), SCALANCE...
CVE-2009-1784 1 Avg 1 Avg Anti-virus 2019-10-10 10.0
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition f?r Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to...
CVE-2019-12676 1 Cisco 1 Firepower Threat Defense 2019-10-10 3.3
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an...
CVE-2019-9900 1 Envoyproxy 1 Envoy 2019-10-09 7.5
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching...
CVE-2019-9141 1 Imgtech 1 Zoneplayer 2019-10-09 7.5
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.
CVE-2019-8989 1 Tibco 2 Data Science For Aws, Spotfire Data Science 2019-10-09 N/A
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected...
CVE-2019-8458 2019-10-09 3.5
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain...
CVE-2019-7617 1 Elastic 1 Apm Agent 2019-10-09 6.4
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy...