National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 125,760 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-3648

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.

Published: November 13, 2019; 04:15:10 AM -05:00
(not available)
CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution.

Published: November 12, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-5233

Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.

Published: November 12, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-5231

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.

Published: November 12, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-5230

P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information.

Published: November 12, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-5229

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution.

Published: November 12, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-5228

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

Published: November 12, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-5213

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

Published: November 12, 2019; 06:15:10 PM -05:00
(not available)
CVE-2010-4177

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

Published: November 12, 2019; 06:15:10 PM -05:00
(not available)
CVE-2010-3857

JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.

Published: November 12, 2019; 06:15:09 PM -05:00
(not available)
CVE-2017-17224

Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.

Published: November 12, 2019; 05:15:10 PM -05:00
(not available)
CVE-2011-1803

An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.

Published: November 12, 2019; 05:15:10 PM -05:00
(not available)
CVE-2011-1802

WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).

Published: November 12, 2019; 05:15:10 PM -05:00
(not available)
CVE-2010-3844

An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

Published: November 12, 2019; 05:15:10 PM -05:00
(not available)
CVE-2010-3440

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

Published: November 12, 2019; 05:15:10 PM -05:00
(not available)
CVE-2010-3305

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

Published: November 12, 2019; 05:15:10 PM -05:00
(not available)
CVE-2019-6188

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.

Published: November 12, 2019; 04:15:12 PM -05:00
(not available)
CVE-2019-6172

A potential vulnerability in the SMI callback function in some Lenovo ThinkPad models may allow arbitrary code execution

Published: November 12, 2019; 04:15:12 PM -05:00
(not available)
CVE-2019-6170

A potential vulnerability in some Lenovo ThinkPads may allow an attacker to execute arbitrary code under SMM under certain circumstances.

Published: November 12, 2019; 04:15:12 PM -05:00
(not available)
CVE-2019-5695

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

Published: November 12, 2019; 04:15:12 PM -05:00
(not available)