National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CVSS Version: 3
There are 44,579 matching records.
Displaying matches 1 through 20.
Vuln ID | Summary | CVSS Severity
CVE-2019-11392

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.

Published: June 21, 2019; 03:15:10 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-10720

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.

Published: June 21, 2019; 03:15:09 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2019-10719

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.

Published: June 21, 2019; 03:15:09 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2019-10718

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.

Published: June 21, 2019; 03:15:09 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-11011

Akamai CloudTest before 58.30 allows remote code execution.

Published: June 21, 2019; 02:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-15735

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206F.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15734

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15733

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a NULL Pointer Dereference vulnerability due to not validating the size of the output buffer value from IOCtl 0x80002028.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15732

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15731

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15730

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15729

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15665

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts.

Published: June 21, 2019; 11:15:09 AM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-15868

SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.

Published: June 21, 2019; 10:15:10 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-15737

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043.

Published: June 21, 2019; 10:15:10 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15736

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F.

Published: June 21, 2019; 10:15:10 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-15913

An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript. The only exceptions to this rule are the SAML Login/Logout URLs, which remain supported since they are explicitly configured and they are not passed via the returnUrl parameter.

Published: June 20, 2019; 03:15:09 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-15879

The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vulnerability in the gdImageBmpPt function.

Published: June 20, 2019; 03:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-15878

The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vulnerability in the gdImageBmpPtr function.

Published: June 20, 2019; 03:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12745

out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.

Published: June 20, 2019; 01:15:10 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW