National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 115,297 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-3719

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables.

Published: April 18, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-3718

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

Published: April 18, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-10893

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.

Published: April 18, 2019; 04:29:00 PM -04:00
(not available)
CVE-2019-11084

GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies.

Published: April 18, 2019; 03:29:02 PM -04:00
(not available)
CVE-2018-20200

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.

Published: April 18, 2019; 03:29:01 PM -04:00
(not available)
CVE-2019-9005

The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.

Published: April 18, 2019; 02:29:01 PM -04:00
(not available)
CVE-2019-3885

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.

Published: April 18, 2019; 02:29:01 PM -04:00
(not available)
CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2019-11223

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2019-11017

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2018-17289

An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2018-17288

Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2018-17287

In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation.

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2018-16877

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Published: April 18, 2019; 02:29:00 PM -04:00
(not available)
CVE-2019-8999

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

Published: April 18, 2019; 01:29:01 PM -04:00
(not available)
CVE-2019-11322

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.

Published: April 18, 2019; 01:29:01 PM -04:00
(not available)
CVE-2019-11321

An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices.

Published: April 18, 2019; 01:29:01 PM -04:00
(not available)
CVE-2019-11320

In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.

Published: April 18, 2019; 01:29:01 PM -04:00
(not available)
CVE-2019-11319

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.

Published: April 18, 2019; 01:29:00 PM -04:00
(not available)