| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2003-0498 |
1 Intersystems |
1 Cache Database |
2019-10-10 |
7.2 |
| Cach? Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. |
| CVE-2019-9140 |
1 Happypointcard |
1 Happypoint |
2019-10-09 |
5.8 |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this... |
| CVE-2019-6823 |
1 Schneider-electric |
1 Proclima |
2019-10-09 |
10.0 |
| A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. |
| CVE-2019-6742 |
|
|
2019-10-09 |
7.5 |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of... |
| CVE-2019-5450 |
1 Nextcloud |
1 Nextcloud |
2019-10-09 |
4.6 |
| Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. |
| CVE-2019-5443 |
1 Haxx |
1 Curl |
2019-10-09 |
4.6 |
| A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a... |
| CVE-2019-3759 |
1 Dell |
2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance |
2019-10-09 |
5.5 |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run... |
| CVE-2019-13558 |
1 Advantech |
1 Webaccess |
2019-10-09 |
9.0 |
| In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. |
| CVE-2019-11773 |
1 Eclipse |
1 Omr |
2019-10-09 |
4.6 |
| Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. |
| CVE-2019-10431 |
1 Jenkins |
1 Script Security |
2019-10-09 |
6.5 |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. |
| CVE-2018-6499 |
1 Microfocus |
8 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 5 more |
2019-10-09 |
7.5 |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01... |
| CVE-2018-6498 |
1 Microfocus |
5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more |
2019-10-09 |
7.5 |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01... |
| CVE-2018-6488 |
1 Microfocus |
1 Ucmdb Configuration Manager |
2019-10-09 |
7.5 |
| Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. |
| CVE-2018-2418 |
|
|
2019-10-09 |
7.5 |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. |
| CVE-2018-1792 |
1 Ibm |
1 Websphere Mq |
2019-10-09 |
7.2 |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. |
| CVE-2018-1774 |
1 Ibm |
1 Api Connect |
2019-10-09 |
6.8 |
| IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. |
| CVE-2018-1104 |
1 Redhat |
2 Ansible Tower, Cloudforms |
2019-10-09 |
6.5 |
| Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. |
| CVE-2018-19641 |
1 Microfocus |
1 Solutions Business Manager |
2019-10-09 |
N/A |
| Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. |
| CVE-2018-19011 |
1 Omron |
1 Cx-supervisor |
2019-10-09 |
6.8 |
| CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. |
| CVE-2018-19002 |
|
|
2019-10-09 |
8.3 |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. |
