Total: 3574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-0330 | 1 Sap | 1 Diagnostics Agent | 2024-02-04 | 6.5 MEDIUM | 9.1 CRITICAL |
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
CVE-2019-6816 | 1 Schneider-electric | 2 Modicon Quantum, Modicon Quantum Firmware | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. | |||||
CVE-2018-21005 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | |||||
CVE-2019-0728 | 1 Microsoft | 1 Visual Studio Code | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. | |||||
CVE-2019-9651 | 1 Sdcms | 1 Sdcms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked. | |||||
CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2024-02-04 | 9.0 HIGH | 9.8 CRITICAL |
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
CVE-2019-15224 | 1 Rest-client Project | 1 Rest-client | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected. | |||||
CVE-2019-11593 | 1 Adblockplus | 1 Adblock Plus | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | |||||
CVE-2019-0343 | 1 Sap | 1 Commerce Cloud | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | |||||
CVE-2019-11594 | 1 Getadblock | 1 Adblock | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | |||||
CVE-2019-8324 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Leap, Enterprise Linux and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | |||||
CVE-2019-9891 | 1 Tldp | 1 Advanced Bash-scripting Guide | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo. | |||||
CVE-2019-11552 | 1 Code42 | 2 Code42 For Enterprise, Crashplan For Small Business | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user. | |||||
CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | |||||
CVE-2019-0355 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | |||||
CVE-2019-13956 | 1 Codersclub | 1 Discuz!ml | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used). | |||||
CVE-2017-18108 | 1 Atlassian | 1 Crowd | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection. | |||||
CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | |||||
CVE-2019-7871 | 1 Magento | 1 Magento | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. | |||||
CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be exploited remotely to achieve remote code execution. |