CWE-19
235 CVEs classified under CWE-19. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-13917 | Critical | 9.8 | 2019-07-25 | Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can… |
| CVE-2019-13624 | Critical | 9.8 | 2019-07-17 | In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a… |
| CVE-2019-9870 | Critical | 9.8 | 2019-03-21 | plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. |
| CVE-2018-5915 | Critical | 9.8 | 2019-01-18 | Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650… |
| CVE-2019-6440 | Critical | 9.8 | 2019-01-16 | Zemana AntiMalware before 3.0.658 Beta mishandles update logic. |
| CVE-2017-6920 | Critical | 9.8 | 2018-08-06 | Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certai… |
| CVE-2014-10039 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without… |
| CVE-2012-5358 | Critical | 9.8 | 2017-10-30 | The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which… |
| CVE-2012-5357 | Critical | 9.8 | 2017-10-30 | Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to exec… |
| CVE-2015-3991 | Critical | 9.8 | 2017-09-07 | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. |
| CVE-2016-0761 | Critical | 9.8 | 2017-05-25 | Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docke… |
| CVE-2014-9693 | Critical | 9.8 | 2017-04-02 | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH226… |
| CVE-2016-9305 | Critical | 9.8 | 2017-01-25 | Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX forma… |
| CVE-2016-2783 | Critical | 9.8 | 2017-01-23 | Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I… |
| CVE-2016-7117 | Critical | 9.8 | 2016-10-10 | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code… |
| CVE-2016-3236 | Critical | 9.8 | 2016-06-16 | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Win… |
| CVE-2016-2000 | Critical | 9.8 | 2016-04-05 | HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted seriali… |
| CVE-2016-2231 | Critical | 9.8 | 2016-02-15 | The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is co… |
| CVE-2015-5344 | Critical | 9.8 | 2016-02-03 | The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialize… |
| CVE-2015-8772 | Critical | 9.1 | 2016-01-29 | McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denia… |