Vulnerabilities (CVE)

CWE filter: CWE-20

7636 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16100 1 Silver-peak 1 Unity Edgeconnect Sd-wan Firmware 2019-09-09 5.0
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.
CVE-2019-16102 1 Silver-peak 1 Unity Edgeconnect Sd-wan Firmware 2019-09-09 7.5
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
CVE-2019-15237 1 Roundcube 1 Webmail 2019-09-08 4.3
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
CVE-2019-14224 1 Alfresco 1 Alfresco 2019-09-06 9.0
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim...
CVE-2019-6251 6 Gnome, Webkitgtk, Canonical and 3 more 6 Epiphany, Webkitgtk, Ubuntu Linux and 3 more 2019-09-06 5.8
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the...
CVE-2019-5420 3 Rubyonrails, Debian, Fedoraproject 3 Rails, Debian Linux, Fedora 2019-09-06 7.5
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails...
CVE-2019-2180 1 Google 1 Android 2019-09-06 2.1
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges...
CVE-2019-9254 1 Google 1 Android 2019-09-06 7.2
In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2019-12633 1 Cisco 1 Unified Contact Center Express 2019-09-06 5.0
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due...
CVE-2019-12632 1 Cisco 1 Finesse 2019-09-06 5.0
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does...
CVE-2019-12645 1 Cisco 1 Jabber 2019-09-06 7.2
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due...
CVE-2019-12587 1 Espressif 1 Esp-idf 2019-09-06 4.8
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows...
CVE-2019-8460 1 Openbsd 1 Openbsd 2019-09-06 5.0
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option()...
CVE-2018-17791 1 Newgensoft 1 Omniflow Intelligent Business Process Suite 2019-09-05 5.0
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the...
CVE-2019-15545 1 Libp2p 1 Libp2p 2019-09-05 5.0
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
CVE-2019-12586 1 Espressif 2 Arduino-esp32, Esp-idf 2019-09-05 3.3
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of...
CVE-2019-2389 1 Mongodb 1 Mongodb 2019-09-05 3.3
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue...
CVE-2019-5478 1 Xilinx 2 Zynq Ultrascale+ Mpsoc Firmware, Zynq Ultrascale+ Rfsoc Firmware 2019-09-05 2.1
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
CVE-2019-15892 2 Varnish-cache, Debian 2 Varnish, Debian Linux 2019-09-05 7.8
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart...
CVE-2019-10055 1 Suricata-ids 1 Suricata 2019-09-05 7.8
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.