Total
4798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9163 | 1 Marchnetworks | 1 Command Client | 2024-11-21 | 9.8 Critical |
| The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects. | ||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2024-11-21 | 8.1 High |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | ||||
| CVE-2019-9115 | 1 Irisnet | 1 Irisnet-crypto | 2024-11-21 | N/A |
| In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage. | ||||
| CVE-2019-8563 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8559 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8558 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8544 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8536 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8535 | 2 Apple, Redhat | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8524 | 2 Apple, Redhat | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8523 | 2 Apple, Redhat | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8518 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8503 | 2 Apple, Redhat | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 8.8 High |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | ||||
| CVE-2019-8341 | 2 Opensuse, Pocoo | 2 Leap, Jinja2 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing | ||||
| CVE-2019-8324 | 4 Debian, Opensuse, Redhat and 1 more | 9 Debian Linux, Leap, Cloudforms Managementengine and 6 more | 2024-11-21 | 8.8 High |
| An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | ||||
| CVE-2019-7871 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. | ||||
| CVE-2019-7720 | 1 Taogogo | 1 Taocms | 2024-11-21 | N/A |
| taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | ||||
| CVE-2019-7719 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | N/A |
| Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | ||||
| CVE-2019-7692 | 1 Cim Project | 1 Cim | 2024-11-21 | N/A |
| install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | ||||
| CVE-2019-7610 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | N/A |
| Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||