CWE-19

235 CVEs classified under CWE-19. Browse by severity and year.

Top CVEs for CWE-19
CVESeverityScorePublishedSummary
CVE-2019-13917Critical9.82019-07-25Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can…
CVE-2019-13624Critical9.82019-07-17In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a…
CVE-2019-9870Critical9.82019-03-21plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.
CVE-2018-5915Critical9.82019-01-18Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650…
CVE-2019-6440Critical9.82019-01-16Zemana AntiMalware before 3.0.658 Beta mishandles update logic.
CVE-2017-6920Critical9.82018-08-06Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certai…
CVE-2014-10039Critical9.82018-04-18In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without…
CVE-2012-5358Critical9.82017-10-30The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which…
CVE-2012-5357Critical9.82017-10-30Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to exec…
CVE-2015-3991Critical9.82017-09-07strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
CVE-2016-0761Critical9.82017-05-25Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docke…
CVE-2014-9693Critical9.82017-04-02Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH226…
CVE-2016-9305Critical9.82017-01-25Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX forma…
CVE-2016-2783Critical9.82017-01-23Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I…
CVE-2016-7117Critical9.82016-10-10Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code…
CVE-2016-3236Critical9.82016-06-16The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Win…
CVE-2016-2000Critical9.82016-04-05HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted seriali…
CVE-2016-2231Critical9.82016-02-15The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is co…
CVE-2015-5344Critical9.82016-02-03The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialize…
CVE-2015-8772Critical9.12016-01-29McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denia…