National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): NSD
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 68 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-10677

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg).

Published: September 05, 2019; 10:15:10 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-1010234

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.

Published: July 22, 2019; 11:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-1010245

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.

Published: July 19, 2019; 11:15:11 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-13952

The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.

Published: July 18, 2019; 01:15:12 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-13951

The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.

Published: July 18, 2019; 01:15:12 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-13207

nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.

Published: July 03, 2019; 04:15:11 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-3709

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

Published: April 17, 2019; 10:29:03 AM -04:00
V3.0: 9.6 CRITICAL
    V2: 9.3 HIGH
CVE-2019-3708

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

Published: April 17, 2019; 10:29:03 AM -04:00
V3.0: 9.6 CRITICAL
    V2: 9.3 HIGH
CVE-2018-1771

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.

Published: December 20, 2018; 09:29:00 AM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-14663

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.

Published: November 26, 2018; 06:29:00 PM -05:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-11071

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

Published: September 18, 2018; 05:29:02 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-7069

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.

Published: September 11, 2018; 09:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-1000603

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.

Published: June 26, 2018; 01:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 4.0 MEDIUM
CVE-2018-0496

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.

Published: June 12, 2018; 04:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2015-2004

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

Published: March 29, 2018; 02:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-1714

IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.

Published: February 13, 2018; 03:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-7560

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.

Published: September 13, 2017; 01:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.

Published: August 22, 2017; 10:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-6173

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

Published: February 09, 2017; 10:59:01 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2016-5263

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

Published: August 04, 2016; 09:59:19 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM