National Vulnerability Database

Search Results

Search Parameters:
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 126,271 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-10766

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.

Published: November 19, 2019; 03:15:12 PM -05:00
(not available)
CVE-2019-11289

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.

Published: November 19, 2019; 02:15:23 PM -05:00
(not available)
CVE-2011-2922

ktsuss versions 1.4 and prior spawn the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.

Published: November 19, 2019; 02:15:14 PM -05:00
(not available)
CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

Published: November 19, 2019; 01:15:10 PM -05:00
(not available)
CVE-2016-1000236

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

Published: November 19, 2019; 12:15:11 PM -05:00
(not available)
CVE-2012-6135

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

Published: November 19, 2019; 12:15:11 PM -05:00
(not available)
CVE-2012-6071

nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.

Published: November 19, 2019; 12:15:11 PM -05:00
(not available)
CVE-2012-6070

Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.

Published: November 19, 2019; 12:15:11 PM -05:00
(not available)
CVE-2011-2921

ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges.

Published: November 19, 2019; 12:15:10 PM -05:00
(not available)
CVE-2014-5439

sniffit 0.3.7 and prior: A configuration file can be leveraged to execute code as root

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2012-0843

uzbl: Information disclosure via world-readable cookies storage file

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2012-0824

gnusound 0.7.5 has a format string issue

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2011-4968

The nginx http proxy module does not verify the peer identity of the https origin server, which could facilitate a man-in-the-middle (MITM) attack

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2011-4967

tog-Pegasus has a package hash collision DoS vulnerability

Published: November 19, 2019; 11:15:10 AM -05:00
(not available)
CVE-2011-4954

cobbler has a local privilege escalation via the use of an insecure location for PYTHON_EGG_CACHE

Published: November 19, 2019; 11:15:10 AM -05:00
(not available)
CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework

Published: November 19, 2019; 11:15:10 AM -05:00
(not available)
CVE-2011-4919

mpack 1.6 has information disclosure via eavesdropping on mails sent by other users

Published: November 19, 2019; 11:15:10 AM -05:00
(not available)
CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.

Published: November 19, 2019; 10:15:11 AM -05:00
(not available)
CVE-2012-0842

surf: cookie jar has read access from other local user

Published: November 19, 2019; 10:15:10 AM -05:00
(not available)
CVE-2019-16861

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.

Published: November 19, 2019; 08:15:11 AM -05:00
(not available)