Total: 4759 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10400 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
CVE-2019-10399 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
CVE-2019-10394 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
CVE-2019-10393 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
CVE-2019-10211 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-11-21 | 9.8 Critical |
The PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from an unprotected directory. | ||||
CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 7 Icedtea-web, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | N/A |
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | ||||
CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-11-21 | N/A |
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | ||||
CVE-2019-10015 | 1 Baigo | 1 Baigo Sso | 2024-11-21 | N/A |
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file. | ||||
CVE-2019-1010006 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Evince and 1 more | 2024-11-21 | 7.8 High |
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. | ||||
CVE-2019-0542 | 2 Redhat, Xtermjs | 3 Openshift, Openshift Container Platform, Xterm.js | 2024-11-21 | 8.8 High |
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | ||||
CVE-2019-0355 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.2 High |
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | ||||
CVE-2019-0343 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | N/A |
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | ||||
CVE-2019-0330 | 1 Sap | 1 Diagnostics Agent | 2024-11-21 | 9.1 Critical |
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
CVE-2019-0247 | 1 Sap | 1 Cloud Connector | 2024-11-21 | N/A |
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
CVE-2019-0091 | 1 Intel | 2 Converged Security And Management Engine, Trusted Execution Technology | 2024-11-21 | N/A |
Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2018-9848 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | N/A |
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request. | ||||
CVE-2018-9847 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | N/A |
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | ||||
CVE-2018-9175 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. | ||||
CVE-2018-9174 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control. | ||||
CVE-2018-9113 | 1 Cdc | 1 Microbetrace | 2024-11-21 | N/A |
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. Fix released on 2018-03-29. | ||||