Vulnerabilities (CVE)

CWE filter: CWE-20

7462 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10917 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc (TIA Portal) and 1 more 2019-08-13 2.1
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-10916 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc (TIA Portal) and 1 more 2019-08-13 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2016-10814 1 Cpanel 1 Cpanel 2019-08-13 6.5
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
CVE-2017-18401 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
CVE-2019-5686 1 Nvidia 1 Gpu Driver 2019-08-13 4.9
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are...
CVE-2017-18431 1 Cpanel 1 Cpanel 2019-08-13 5.0
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).
CVE-2019-2628 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-08-13 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
CVE-2017-18395 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
CVE-2017-18394 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
CVE-2017-18393 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
CVE-2017-18392 1 Cpanel 1 Cpanel 2019-08-13 2.1
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
CVE-2019-14379 1 Fasterxml 1 Jackson-databind 2019-08-13 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.
CVE-2019-13173 1 Fstream Project 1 Fstream 2019-08-13 6.4
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of...
CVE-2017-9793 1 Apache 1 Struts 2019-08-12 5.0
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.
CVE-2017-9791 1 Apache 1 Struts 2019-08-12 7.5
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVE-2017-12611 1 Apache 1 Struts 2019-08-12 7.5
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
CVE-2016-4438 1 Apache 1 Struts 2019-08-12 7.5
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
CVE-2016-3087 1 Apache 1 Struts 2019-08-12 7.5
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
CVE-2017-18405 1 Cpanel 1 Cpanel 2019-08-12 2.1
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
CVE-2016-10793 1 Cpanel 1 Cpanel 2019-08-12 6.5
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).