National Vulnerability Database

Search Results

There are 124,850 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-18359

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.

Published: October 23, 2019; 04:15:14 PM -04:00
(not available)
CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Published: October 23, 2019; 04:15:12 PM -04:00
(not available)
CVE-2019-9597

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-9596

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-6144

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-3982

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-18357

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).

Published: October 23, 2019; 03:15:11 PM -04:00
(not available)
CVE-2019-18356

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).

Published: October 23, 2019; 03:15:11 PM -04:00
(not available)
CVE-2019-18355

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.

Published: October 23, 2019; 03:15:11 PM -04:00
(not available)
CVE-2019-18350

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.

Published: October 23, 2019; 02:15:11 PM -04:00
(not available)
CVE-2014-2304

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.

Published: October 23, 2019; 02:15:11 PM -04:00
(not available)
CVE-2002-2439

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

Published: October 23, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2019-17606

The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2019-17093

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2019-16977

In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2015-9524

The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2015-9523

The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2015-9522

The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)
CVE-2015-9521

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Published: October 23, 2019; 01:15:12 PM -04:00
(not available)