National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 116,932 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-12315

Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter.

Published: May 24, 2019; 12:29:00 PM -04:00
(not available)
CVE-2019-12195

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

Published: May 24, 2019; 12:29:00 PM -04:00
(not available)
CVE-2019-12155

interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.

Published: May 24, 2019; 12:29:00 PM -04:00
(not available)
CVE-2019-12150

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.

Published: May 24, 2019; 12:29:00 PM -04:00
(not available)
CVE-2019-11876

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Published: May 24, 2019; 12:29:00 PM -04:00
(not available)
CVE-2019-11875

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords.

Published: May 24, 2019; 12:29:00 PM -04:00
(not available)
CVE-2019-12314

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd URI.

Published: May 24, 2019; 10:29:00 AM -04:00
(not available)
CVE-2019-12313

XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.

Published: May 24, 2019; 10:29:00 AM -04:00
(not available)
CVE-2019-12312

In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS).

Published: May 24, 2019; 10:29:00 AM -04:00
(not available)
CVE-2019-5804

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5803

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5802

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5801

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5800

Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5799

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5798

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Published: May 23, 2019; 04:29:01 PM -04:00
(not available)
CVE-2019-5796

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: May 23, 2019; 04:29:00 PM -04:00
(not available)
CVE-2019-5795

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

Published: May 23, 2019; 04:29:00 PM -04:00
(not available)
CVE-2019-5794

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Published: May 23, 2019; 04:29:00 PM -04:00
(not available)
CVE-2019-5793

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

Published: May 23, 2019; 04:29:00 PM -04:00
(not available)