| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-10759 | 1 Safer-eval Project | 1 Safer-eval | 2019-10-15 | 6.5 | safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. |
| CVE-2019-10760 | 1 Safer-eval Project | 1 Safer-eval | 2019-10-15 | 6.5 | safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. |
| CVE-2019-3652 | 1 Mcafee | 1 Endpoint Security | 2019-10-15 | 4.6 | Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with... |
| CVE-2019-11526 | 1 Softing | 1 Uagate Si Firmware | 2019-10-15 | 10.0 | An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations. |
| CVE-2019-17107 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 6.5 | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. |
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 6.5 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. |
| CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2019-10-10 | 7.2 | Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. |
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2019-10-09 | 5.8 | When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this... |
| CVE-2019-6823 | 1 Schneider-electric | 1 Proclima | 2019-10-09 | 10.0 | A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. |
| CVE-2019-6742 | | | 2019-10-09 | 7.5 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of... |
| CVE-2019-5450 | 1 Nextcloud | 1 Nextcloud | 2019-10-09 | 4.6 | Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. |
| CVE-2019-5443 | 1 Haxx | 1 Curl | 2019-10-09 | 4.6 | A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a... |
| CVE-2019-3759 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2019-10-09 | 5.5 | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run... |
| CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2019-10-09 | 9.0 | In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. |
| CVE-2019-11773 | 1 Eclipse | 1 Omr | 2019-10-09 | 4.6 | Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. |
| CVE-2019-10431 | 1 Jenkins | 1 Script Security | 2019-10-09 | 6.5 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. |
| CVE-2018-6499 | 1 Microfocus | 8 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 5 more | 2019-10-09 | 7.5 | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01... |
| CVE-2018-6498 | 1 Microfocus | 5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more | 2019-10-09 | 7.5 | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01... |
| CVE-2018-6488 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2019-10-09 | 7.5 | Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. |
| CVE-2018-2418 | | | 2019-10-09 | 7.5 | SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. |