Total
5290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10863 | 1 Combodo | 1 Teemip | 2024-11-21 | N/A |
| A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. | ||||
| CVE-2019-10842 | 1 Getbootstrap | 1 Bootstrap-sass | 2024-11-21 | N/A |
| Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare. | ||||
| CVE-2019-10769 | 1 Safer-eval Project | 1 Safer-eval | 2024-11-21 | 9.8 Critical |
| safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError. | ||||
| CVE-2019-10768 | 2 Angularjs, Redhat | 4 Angular.js, Amq Broker, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
| In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. | ||||
| CVE-2019-10684 | 1 74cms | 1 74cms | 2024-11-21 | N/A |
| Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | ||||
| CVE-2019-10633 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-11-21 | N/A |
| An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. | ||||
| CVE-2019-10431 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 9.9 Critical |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10400 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10399 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10394 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10393 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10211 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-11-21 | 9.8 Critical |
| Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | ||||
| CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 7 Icedtea-web, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | N/A |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | ||||
| CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-11-21 | N/A |
| In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | ||||
| CVE-2019-10015 | 1 Baigo | 1 Baigo Sso | 2024-11-21 | N/A |
| baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file. | ||||
| CVE-2019-1010006 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Evince and 1 more | 2024-11-21 | 7.8 High |
| Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. | ||||
| CVE-2019-0542 | 2 Redhat, Xtermjs | 3 Openshift, Openshift Container Platform, Xterm.js | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | ||||
| CVE-2019-0355 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.2 High |
| SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | ||||
| CVE-2019-0343 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | N/A |
| SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | ||||
| CVE-2019-0330 | 1 Sap | 1 Diagnostics Agent | 2024-11-21 | 9.1 Critical |
| The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||