Vulnerabilities (CVE)

CWE filter: CWE-20

7789 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-1784 1 Avg 1 Avg Anti-virus 2019-10-10 10.0
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to...
CVE-2019-12676 1 Cisco 1 Firepower Threat Defense 2019-10-10 3.3
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an...
CVE-2019-9900 1 Envoyproxy 1 Envoy 2019-10-09 7.5
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching...
CVE-2019-9141 1 Imgtech 1 Zoneplayer 2019-10-09 7.5
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.
CVE-2019-8989 1 Tibco 2 Data Science For Aws, Spotfire Data Science 2019-10-09 N/A
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected...
CVE-2019-8458 2019-10-09 3.5
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain...
CVE-2019-7617 1 Elastic 1 Apm Agent 2019-10-09 6.4
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy...
CVE-2019-7613 1 Elastic 1 Winlogbeat 2019-10-09 5.0
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
CVE-2019-7304 1 Canonical 2 Ubuntu Linux, Snapd 2019-10-09 10.0
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-6739 1 Malwarebytes 1 Antimalware 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web...
CVE-2019-6731 1 Foxitsoftware 2 Phantompdf, Reader 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
CVE-2019-6729 1 Foxitsoftware 2 Phantompdf, Reader 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....
CVE-2019-6578 1 Siemens 6 Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr2 Firmware, Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr3 Firmware, Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr4 Firmware and 3 more 2019-10-09 5.0
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-...
CVE-2019-6555 1 Hornerautomation 1 Cscape 2019-10-09 6.8
Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.
CVE-2019-6528 1 Psigridconnect 1 Iec104 Security Proxy Firmware 2019-10-09 6.5
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19,...
CVE-2019-6339 2 Drupal, Debian 2 Drupal, Debian Linux 2019-10-09 7.5
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal...
CVE-2019-6155 1 Ibm 4 Bladecenter Hs23 Firmware, System X3530 M4 Firmware, System X3630 M4 Firmware and 1 more 2019-10-09 7.8
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
CVE-2019-5478 1 Xilinx 2 Zynq Ultrascale+ Mpsoc Firmware, Zynq Ultrascale+ Rfsoc Firmware 2019-10-09 2.1
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
CVE-2019-5461 1 Gitlab 1 Gitlab 2019-10-09 4.0
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4,...
CVE-2019-5452 1 Nextcloud 1 Nextcloud 2019-10-09 2.1
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.