Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7789 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3913 2019-10-09 4.0
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.
CVE-2019-3801 1 Cloudfoundry 2 Cf-deployment, Uaa Release 2019-10-09 5.0
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and...
CVE-2019-3794 1 Pivotal Software 1 Cloud Foundry Uaa 2019-10-09 4.3
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
CVE-2019-3737 1 Dell 1 Avamar Data Migration Enabler Web Interface 2019-10-09 5.0
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3723 1 Dell 1 Emc Openmanage Server Administrator 2019-10-09 6.4
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to...
CVE-2019-3719 1 Dell 1 Supportassist 2019-10-09 7.9
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a...
CVE-2019-3644 1 Mcafee 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more 2019-10-09 5.0
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
CVE-2019-3643 1 Mcafee 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more 2019-10-09 5.0
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
CVE-2019-3639 1 Mcafee 1 Web Gateway 2019-10-09 5.8
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options...
CVE-2019-3581 2019-10-09 5.0
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
CVE-2019-3571 2019-10-09 5.0
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.
CVE-2019-3564 1 Facebook 1 Thrift 2019-10-09 5.0
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to...
CVE-2019-3559 1 Facebook 1 Thrift 2019-10-09 5.0
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to...
CVE-2019-3416 1 Zte 1 Zxv10 B860a Firmware 2019-10-09 10.0
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.
CVE-2019-2389 1 Mongodb 1 Mongodb 2019-10-09 3.3
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue...
CVE-2019-1984 2019-10-09 5.5
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an...
CVE-2019-1968 1 Cisco 1 Nx-os 2019-10-09 5.0
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a...
CVE-2019-1964 1 Cisco 1 Nx-os 2019-10-09 7.8
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation...
CVE-2019-1963 1 Cisco 1 Nx-os 2019-10-09 6.8
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart...
CVE-2019-1962 1 Cisco 1 Nx-os 2019-10-09 7.8
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The...