| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-0091 |
|
|
2019-06-20 |
7.2 |
| Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. |
| CVE-2018-18879 |
1 Columbiaweather |
1 Weather Microserver Firmware |
2019-06-18 |
6.5 |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. |
| CVE-2019-9858 |
1 Horde |
1 Groupware |
2019-06-17 |
6.5 |
| Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it... |
| CVE-2019-10125 |
1 Linux |
1 Linux Kernel |
2019-06-15 |
10.0 |
| An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(),... |
| CVE-2019-0304 |
1 Sap |
5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more |
2019-06-14 |
7.5 |
| FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21,... |
| CVE-2014-4043 |
3 Gnu, Novell, Opensuse |
3 Glibc, Opensuse, Opensuse |
2019-06-13 |
7.5 |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. |
| CVE-2017-16544 |
1 Busybox |
1 Busybox |
2019-06-13 |
6.5 |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the... |
| CVE-2019-0308 |
1 Sap |
1 E-commerce |
2019-06-13 |
3.5 |
| An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be... |
| CVE-2018-19462 |
1 Phome |
1 Empirecms |
2019-06-09 |
6.5 |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. |
| CVE-2019-12548 |
1 Bludit |
1 Bludit |
2019-06-04 |
6.5 |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. |
| CVE-2019-6742 |
|
|
2019-06-04 |
7.5 |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of... |
| CVE-2017-14853 |
1 Orpak |
1 Siteomat |
2019-06-04 |
10.0 |
| The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive... |
| CVE-2012-4791 |
1 Microsoft |
1 Exchange Server |
2019-06-01 |
3.5 |
| Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." |
| CVE-2019-12295 |
1 Wireshark |
1 Wireshark |
2019-05-27 |
5.0 |
| In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. |
| CVE-2013-4330 |
1 Apache |
1 Camel |
2019-05-24 |
6.8 |
| Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. |
| CVE-2019-6816 |
1 Schneider-electric |
1 Modicon Quantum Firmware |
2019-05-23 |
6.4 |
| In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. |
| CVE-2015-1696 |
1 Microsoft |
8 Windows Rt 8.1, Windows 8, Windows Server 2008 and 5 more |
2019-05-16 |
9.3 |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka... |
| CVE-2015-1698 |
1 Microsoft |
8 Windows Rt 8.1, Windows 8, Windows Server 2008 and 5 more |
2019-05-15 |
9.3 |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka... |
| CVE-2015-1697 |
1 Microsoft |
8 Windows Rt 8.1, Windows 8, Windows Server 2008 and 5 more |
2019-05-15 |
9.3 |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka... |
| CVE-2014-6321 |
1 Microsoft |
9 Windows Rt 8.1, Windows 8, Windows Server 2008 and 6 more |
2019-05-15 |
10.0 |
| Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary... |
