Total
4426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7486 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. | |||||
| CVE-2019-7177 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | |||||
| CVE-2019-6823 | 1 Schneider-electric | 1 Proclima | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. | |||||
| CVE-2019-6816 | 1 Schneider-electric | 2 Modicon Quantum, Modicon Quantum Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. | |||||
| CVE-2019-6713 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. | |||||
| CVE-2019-5997 | 1 Panasonic | 1 Video Insight Vms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors. | |||||
| CVE-2019-5509 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | |||||
| CVE-2019-4038 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 4.6 MEDIUM | 6.2 MEDIUM |
| IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. | |||||
| CVE-2019-4000 | 2 Apple, Druva | 2 Macos, Insync | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges. | |||||
| CVE-2019-3759 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2024-11-21 | 5.5 MEDIUM | 6.4 MEDIUM |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. | |||||
| CVE-2019-3695 | 2 Opensuse, Suse | 5 Leap, Pcp, Linux Enterprise High Performance Computing and 2 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1. | |||||
| CVE-2019-3665 | 1 Mcafee | 1 Webadvisor | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | |||||
| CVE-2019-3652 | 2 Mcafee, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
| Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | |||||
| CVE-2019-3575 | 1 Sqla Yaml Fixtures Project | 1 Sqla Yaml Fixtures | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. | |||||
| CVE-2019-3427 | 1 Zte | 2 Zxcdn Iamweb, Zxcdn Iamweb Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage. | |||||
| CVE-2019-20920 | 1 Handlebarsjs | 1 Handlebars | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). | |||||
| CVE-2019-20343 | 1 Mojohaus | 1 Exec Maven | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element). | |||||
| CVE-2019-20155 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server. | |||||
| CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1194 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | |||||