Vulnerabilities (CVE)

CWE filter

CWE-284

Filter

3820 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11807 2019-08-23 6.4
The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.
CVE-2019-10929 1 Siemens 12 Simatic S7-1500, Simatic S7-plcsim Advanced, Simatic Et 200sp Open Controller Cpu 1515sp Pc2 Firmware and 9 more 2019-08-22 4.3
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family...
CVE-2019-10943 1 Siemens 12 Simatic S7-1500, Simatic S7-plcsim Advanced, Simatic Et 200sp Open Controller Cpu 1515sp Pc2 Firmware and 9 more 2019-08-22 5.0
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family...
CVE-2019-2791 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-08-22 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker...
CVE-2019-2747 1 Oracle 1 Mysql 2019-08-22 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2019-2746 1 Oracle 1 Mysql 2019-08-22 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Data Dictionary). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access...
CVE-2019-2743 1 Oracle 1 Mysql 2019-08-22 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access...
CVE-2019-2741 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-08-22 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
CVE-2017-18543 2019-08-21 7.5
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
CVE-2019-2731 1 Oracle 1 Mysql 2019-08-21 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2019-2730 1 Oracle 1 Mysql 2019-08-21 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged...
CVE-2019-1182 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 10.0
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop...
CVE-2019-1222 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-08-19 10.0
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop...
CVE-2019-1226 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-08-19 10.0
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop...
CVE-2019-1181 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 10.0
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop...
CVE-2018-3252 1 Oracle 1 Weblogic Server 2019-08-18 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows...
CVE-2019-5237 2019-08-16 6.8
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
CVE-2018-20957 2019-08-16 5.8
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
CVE-2019-12618 1 Hashicorp 1 Nomad 2019-08-16 10.0
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
CVE-2019-5238 2019-08-16 6.8
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.