CWE-749
Low likelihood
Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
167 vulnerabilities with CWE-749
CVE-2019-13945
MEDIUM
SIMATIC S7-1200 and S7-200 SMART CPU Families - Unauthenticated Exposed Dangerous Method via UART Interface
CVSS 6.8
CVE-2019-12948
HIGH
Polycom Unified Communications Software < 5.8.5.1256 / < 5.9.0 - RCE or DoS
CVSS 8.3
CVE-2019-4386
MEDIUM
IBM DB2 11.1.3-11.1.3.2 - Authenticated Denial of Service via Exposed Function
CVSS 6.5
CVE-2019-10918
HIGH
SIMATIC PCS 7 <8.0, <8.1 with WinCC <7.3 Upd19, <8.2 with WinCC <7....
CVSS 8.8
CVE-2019-5015
HIGH
Pixar Renderman <22.3.0 - Privilege Escalation
CVSS 7.8
CVE-2018-19322
HIGH
KEV
GIGABYTE APP Center <1.05.21 - Privilege Escalation
CVSS 7.8
CVE-2018-10931
CRITICAL
Cobbler 2.6.x - Privilege Escalation
CVSS 9.8
CVE-2018-8868
MEDIUM
Medtronic MyCareLink Monitor - Info Disclosure
CVSS 6.2
CVE-2018-8949
MEDIUM
MISP <2.4.89 - Privilege Escalation
CVSS 4.3
CVE-2017-2735
HIGH
TIT-AL00 <TIT-AL00C583B214 - Privilege Escalation
CVSS 7.1
CVE-2016-9469
HIGH
GitLab 8.12.0-8.14.2 - Authenticated Issue and Merge Request Deletion
CVSS 8.2
CVE-2016-7462
HIGH
VMware vROps <6.4.0 - Deserialization
CVSS 8.5
CVE-2014-5415
CRITICAL
Beckhoff Embedded PC <2014-10-22 - RCE
CVSS 9.1
CVE-2014-0758
ICONICS GENESIS32 8.0 8.02 8.04 8.05 - Remote Code Execution via GenLaunch.htm ActiveX Control
CVE-2010-1428
HIGH
KEV
Red Hat JBoss EAP/JBEAP <4.2.0.CP09-4.3.0.CP08 - Info Disclosure
CVSS 7.5
CVE-2010-0738
MEDIUM
KEV
JBoss JMX Console Deployer Upload and Execute
CVSS 5.3
CVE-2006-1547
HIGH
KEV
Apache Struts < 1.2.9 - Denial of Service via Multipart Form Parameter Manipulation
CVSS 7.5
Details
Vulnerabilities: 167
Exploit Likelihood: Low