Vulnerabilities (CVE)

CWE filter: CWE-74

340 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17059 1 Sophos 1 Cyberoamos 2019-10-16 10.0
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVE-2018-11396 1 Gnome 1 Epiphany 2019-10-16 5.0
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
CVE-2019-17223 1 Dolibarr 1 Dolibarr 2019-10-15 4.3
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
CVE-2018-9062 2019-10-15 7.2
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
CVE-2019-15894 1 Espressif 1 Esp-idf 2019-10-15 7.2
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest...
CVE-2019-15020 1 Zingbox 1 Inspector 2019-10-11 7.5
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
CVE-2019-15014 1 Zingbox 1 Inspector 2019-10-11 9.0
A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.
CVE-2019-4558 1 Ibm 1 Spectrum Scale 2019-10-11 7.2
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into...
CVE-2017-17518 1 White Dune Project 1 White Dune 2019-10-10 6.8
** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection...
CVE-2019-6182 1 Lenovo 1 Xclarity Administrator 2019-10-09 4.0
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted...
CVE-2019-5479 1 Larvit 1 Larvitbase 2019-10-09 5.0
An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file).
CVE-2019-4186 1 Ibm 1 Jazz For Service Management 2019-10-09 4.3
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to...
CVE-2019-4133 1 Ibm 1 Cloud Automation Manager 2019-10-09 3.6
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.
CVE-2019-3931 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 9.0
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files...
CVE-2019-1939 1 Cisco 1 Webex Teams 2019-10-09 9.3
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used...
CVE-2019-11277 1 Cloudfoundry 1 Cf-deployment 2019-10-09 5.5
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation,...
CVE-2018-8920 1 Synology 1 Diskstation Manager 2019-10-09 6.5
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
CVE-2018-1998 1 Ibm 1 Websphere Mq 2019-10-09 7.2
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-Force ID: 154887.
CVE-2018-1943 1 Ibm 1 Cloud Private 2019-10-09 3.5
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject...
CVE-2018-1896 1 Ibm 1 Connections 2019-10-09 3.5
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.