National Vulnerability Database

Search Results

There are 125,638 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-18848

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

Published: November 12, 2019; 10:15:10 AM -05:00
(not available)
CVE-2012-1109

mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions

Published: November 12, 2019; 10:15:10 AM -05:00
(not available)
CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling

Published: November 12, 2019; 10:15:10 AM -05:00
(not available)
CVE-2019-18817

Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.

Published: November 12, 2019; 09:15:11 AM -05:00
(not available)
CVE-2019-18658

In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.

Published: November 12, 2019; 09:15:11 AM -05:00
(not available)
CVE-2018-18819

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.

Published: November 12, 2019; 09:15:11 AM -05:00
(not available)
CVE-2014-7143

Python Twisted 14.0 trustRoot is not respected in HTTP client

Published: November 12, 2019; 09:15:11 AM -05:00
(not available)
CVE-2014-3599

HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

Published: November 12, 2019; 09:15:11 AM -05:00
(not available)
CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely

Published: November 12, 2019; 09:15:11 AM -05:00
(not available)
CVE-2011-3370

statusnet before 0.9.9 has XSS

Published: November 12, 2019; 09:15:10 AM -05:00
(not available)
CVE-2011-2936

Elgg through 1.7.10 has a SQL injection vulnerability

Published: November 12, 2019; 09:15:10 AM -05:00
(not available)
CVE-2011-2935

Elgg through 1.7.10 has XSS

Published: November 12, 2019; 09:15:10 AM -05:00
(not available)
CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

Published: November 12, 2019; 09:15:10 AM -05:00
(not available)
CVE-2019-18882

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.

Published: November 11, 2019; 10:15:10 PM -05:00
(not available)
CVE-2019-18881

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.

Published: November 11, 2019; 10:15:10 PM -05:00
(not available)
CVE-2019-18874

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

Published: November 11, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.

Published: November 11, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-18862

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

Published: November 11, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-18857

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.

Published: November 11, 2019; 10:15:12 AM -05:00
(not available)
CVE-2019-18856

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.

Published: November 11, 2019; 10:15:12 AM -05:00
(not available)