Vulnerabilities (CVE)

CWE filter

CWE-94

Filter

2446 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10759 1 Safer-eval Project 1 Safer-eval 2019-10-15 6.5
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-10760 1 Safer-eval Project 1 Safer-eval 2019-10-15 6.5
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-3652 1 Mcafee 1 Endpoint Security 2019-10-15 4.6
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with...
CVE-2019-11526 1 Softing 1 Uagate Si Firmware 2019-10-15 10.0
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
CVE-2019-17107 1 Centreon 1 Centreon Web 2019-10-15 6.5
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
CVE-2018-21023 1 Centreon 1 Centreon Web 2019-10-15 6.5
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVE-2003-0498 1 Intersystems 1 Cache Database 2019-10-10 7.2
Cach? Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVE-2019-9140 1 Happypointcard 1 Happypoint 2019-10-09 5.8
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this...
CVE-2019-6823 1 Schneider-electric 1 Proclima 2019-10-09 10.0
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
CVE-2019-6742 2019-10-09 7.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2019-5450 1 Nextcloud 1 Nextcloud 2019-10-09 4.6
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.
CVE-2019-5443 1 Haxx 1 Curl 2019-10-09 4.6
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a...
CVE-2019-3759 1 Dell 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance 2019-10-09 5.5
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run...
CVE-2019-13558 1 Advantech 1 Webaccess 2019-10-09 9.0
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2019-11773 1 Eclipse 1 Omr 2019-10-09 4.6
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVE-2019-10431 1 Jenkins 1 Script Security 2019-10-09 6.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2018-6499 1 Microfocus 8 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 5 more 2019-10-09 7.5
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01...
CVE-2018-6498 1 Microfocus 5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more 2019-10-09 7.5
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01...
CVE-2018-6488 1 Microfocus 1 Ucmdb Configuration Manager 2019-10-09 7.5
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
CVE-2018-2418 2019-10-09 7.5
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.