CVE-2019-18257

In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the use...

CVE-2019-18915

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service...

CVE-2019-2194

In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2019-11456

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code...

CVE-2019-11595

In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect...

CVE-2019-11215

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

CVE-2019-11071

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because varmemotri is mishandled...

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

CVE-2019-11509

In Pulse Secure Pulse Connect Secure PCS before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure PPS before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker via the admin web...

CVE-2019-20607

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ...

CVE-2019-20588

An issue was discovered on Samsung mobile devices with O8.x and P9.0 with TEEGRIS software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 August 2019...

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

CVE-2019-20861

An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link...

CVE-2019-20586

An issue was discovered on Samsung mobile devices with O8.1 and P9.0 with TEEGRIS software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 August 2019...

CVE-2019-20583

An issue was discovered on Samsung mobile devices with O8.x and P9.0 with TEEGRIS software. There is type confusion in the EXTFR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 August 2019...

CVE-2019-20358

Trend Micro Anti-Threat Toolkit ATTK versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution RCE when executed. Another attack vector similar to CVE-2019-9491 was idenitfi...

CVE-2019-20611

An issue was discovered on Samsung mobile devices with N7.x, O8.x, Go8.1, P9.0, and Go9.0 Exynos chipsets software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 April 2019...

CVE-2019-20530

An issue was discovered on Samsung mobile devices with N7.1, O8.x, P9.0, and Q10.0 software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 December 2019...

CVE-2019-20893

An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHostHandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim'...

CVE-2019-20587

An issue was discovered on Samsung mobile devices with O8.1 and P9.0 with TEEGRIS software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 August 2019...