Vulnerabilities (CVE)

CWE filter

CWE-94

Filter

2440 total CVE
CVE Vendors Products Updated CVSS
CVE-2003-0498 1 Intersystems 1 Cache Database 2019-10-10 7.2
Cach? Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVE-2019-9140 1 Happypointcard 1 Happypoint 2019-10-09 5.8
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this...
CVE-2019-6823 1 Schneider-electric 1 Proclima 2019-10-09 10.0
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
CVE-2019-6742 2019-10-09 7.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2019-5450 1 Nextcloud 1 Nextcloud 2019-10-09 4.6
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.
CVE-2019-5443 1 Haxx 1 Curl 2019-10-09 4.6
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a...
CVE-2019-3759 1 Dell 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance 2019-10-09 5.5
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run...
CVE-2019-13558 1 Advantech 1 Webaccess 2019-10-09 9.0
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2019-11773 1 Eclipse 1 Omr 2019-10-09 4.6
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVE-2019-10431 1 Jenkins 1 Script Security 2019-10-09 6.5
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2018-6499 1 Microfocus 8 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 5 more 2019-10-09 7.5
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01...
CVE-2018-6498 1 Microfocus 5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more 2019-10-09 7.5
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01...
CVE-2018-6488 1 Microfocus 1 Ucmdb Configuration Manager 2019-10-09 7.5
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
CVE-2018-2418 2019-10-09 7.5
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2018-1792 1 Ibm 1 Websphere Mq 2019-10-09 7.2
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
CVE-2018-1774 1 Ibm 1 Api Connect 2019-10-09 6.8
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
CVE-2018-1104 1 Redhat 2 Ansible Tower, Cloudforms 2019-10-09 6.5
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
CVE-2018-19641 1 Microfocus 1 Solutions Business Manager 2019-10-09 N/A
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2018-19011 1 Omron 1 Cx-supervisor 2019-10-09 6.8
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.
CVE-2018-19002 2019-10-09 8.3
LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.