National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 115,345 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-11371

BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.

Published: April 20, 2019; 02:29:00 PM -04:00
(not available)
CVE-2019-11378

An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.

Published: April 20, 2019; 11:29:01 AM -04:00
(not available)
CVE-2019-11377

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

Published: April 20, 2019; 11:29:00 AM -04:00
(not available)
CVE-2019-11376

** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own."

Published: April 20, 2019; 11:29:00 AM -04:00
(not available)
CVE-2019-11375

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

Published: April 20, 2019; 11:29:00 AM -04:00
(not available)
CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

Published: April 20, 2019; 11:29:00 AM -04:00
(not available)
CVE-2019-11373

An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

Published: April 20, 2019; 11:29:00 AM -04:00
(not available)
CVE-2019-11372

An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

Published: April 20, 2019; 11:29:00 AM -04:00
(not available)
CVE-2019-11366

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

Published: April 20, 2019; 09:29:00 AM -04:00
(not available)
CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.

Published: April 20, 2019; 09:29:00 AM -04:00
(not available)
CVE-2019-11362

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.

Published: April 20, 2019; 09:29:00 AM -04:00
(not available)
CVE-2019-11359

Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

Published: April 19, 2019; 08:29:00 PM -04:00
(not available)
CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Published: April 19, 2019; 08:29:00 PM -04:00
(not available)
CVE-2018-20817

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.

Published: April 19, 2019; 07:29:00 PM -04:00
(not available)
CVE-2019-11354

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.

Published: April 19, 2019; 06:29:00 PM -04:00
(not available)
CVE-2019-11351

TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.

Published: April 19, 2019; 05:29:02 PM -04:00
(not available)
CVE-2019-11350

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.

Published: April 19, 2019; 05:29:02 PM -04:00
(not available)
CVE-2019-2041

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.

Published: April 19, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-2040

In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122316913.

Published: April 19, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-2039

In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121260197.

Published: April 19, 2019; 04:29:01 PM -04:00
(not available)