National Vulnerability Database

Search Results

There are 126,432 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.

Published: November 22, 2019; 08:15:11 AM -05:00
(not available)
CVE-2019-10203

PowerDNS Authoritative daemon, all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.

Published: November 22, 2019; 08:15:11 AM -05:00
(not available)
CVE-2018-10854

CloudForms versions 5.8 and 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting issue due to improper sanitization of user input in the Name field.

Published: November 22, 2019; 07:15:11 AM -05:00
(not available)
CVE-2019-13157

nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive.

Published: November 21, 2019; 09:15:11 PM -05:00
(not available)
CVE-2012-2079

A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.

Published: November 21, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-19221

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

Published: November 21, 2019; 06:15:13 PM -05:00
(not available)
CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.

Published: November 21, 2019; 06:15:13 PM -05:00
(not available)
CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

Published: November 21, 2019; 06:15:13 PM -05:00
(not available)
CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

Published: November 21, 2019; 06:15:13 PM -05:00
(not available)
CVE-2019-18887

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

Published: November 21, 2019; 06:15:13 PM -05:00
(not available)
CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

Published: November 21, 2019; 06:15:13 PM -05:00
(not available)
CVE-2014-5255

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.

Published: November 21, 2019; 06:15:12 PM -05:00
(not available)
CVE-2014-5254

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files.

Published: November 21, 2019; 06:15:11 PM -05:00
(not available)
CVE-2014-2904

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

Published: November 21, 2019; 06:15:11 PM -05:00
(not available)
CVE-2014-2902

wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

Published: November 21, 2019; 06:15:11 PM -05:00
(not available)
CVE-2014-2901

wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.

Published: November 21, 2019; 06:15:11 PM -05:00
(not available)
CVE-2012-2078

Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.

Published: November 21, 2019; 06:15:11 PM -05:00
(not available)
CVE-2012-1637

Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.

Published: November 21, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-19207

rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.

Published: November 21, 2019; 05:15:15 PM -05:00
(not available)
CVE-2015-3140

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567.

Published: November 21, 2019; 05:15:15 PM -05:00
(not available)