National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): NSD
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 56 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.

Published: June 26, 2018; 01:29:00 PM -04:00
(not available)

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.

Published: June 12, 2018; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

Published: March 29, 2018; 02:29:00 PM -04:00
V2: 7.5 HIGH

IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.

Published: February 13, 2018; 03:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH

It was found that rhnsd PID files are created as world-writable, which allows local attackers to fill the disks or to kill selected processes.

Published: September 13, 2017; 01:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM

dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack.

Published: August 22, 2017; 10:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

Published: February 09, 2017; 10:59:01 AM -05:00
V3: 7.5 HIGH
V2: 7.8 HIGH

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

Published: August 04, 2016; 09:59:19 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM

EMC Isilon OneFS 7.1.x and 7.2.x before and 8.0.x before, and IsilonSD Edge OneFS 8.0.x before, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.

Published: May 29, 2016; 09:59:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

Published: December 16, 2015; 06:59:19 AM -05:00
V2: 10.0 HIGH

The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response.

Published: July 16, 2015; 10:59:09 AM -04:00
V2: 5.0 MEDIUM

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

Published: April 05, 2015; 08:59:04 PM -04:00
V2: 7.2 HIGH

The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: October 21, 2014; 06:55:06 AM -04:00
V2: 5.4 MEDIUM

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.

Published: October 15, 2014; 06:55:07 AM -04:00
V2: 5.0 MEDIUM

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

Published: July 23, 2014; 07:12:43 AM -04:00
V2: 9.3 HIGH

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.

Published: March 31, 2014; 10:58:57 AM -04:00
V2: 10.0 HIGH

Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.

Published: October 30, 2013; 06:55:04 AM -04:00
V2: 10.0 HIGH

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Published: May 16, 2013; 07:45:30 AM -04:00
V2: 4.3 MEDIUM

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Published: February 19, 2013; 06:55:01 PM -05:00
V2: 10.0 HIGH

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

Published: October 10, 2012; 01:55:01 PM -04:00
V2: 6.4 MEDIUM