National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,323 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-5541

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.

Published: November 20, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-5540

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

Published: November 20, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-10765

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the `/log/file1/` directory.

Published: November 20, 2019; 11:15:12 AM -05:00
(not available)
CVE-2011-0529

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

Published: November 20, 2019; 11:15:12 AM -05:00
(not available)
CVE-2010-4660

Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..

Published: November 20, 2019; 11:15:12 AM -05:00
(not available)
CVE-2016-9652

Unspecified vulnerabilities in Google Chrome before 55.0.2883.75.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2016-5194

Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-0195

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-0194

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-0193

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

Published: November 20, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-16200

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.

Published: November 20, 2019; 08:15:11 AM -05:00
(not available)
CVE-2019-15073

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.

Published: November 20, 2019; 12:15:13 AM -05:00
(not available)
CVE-2019-15072

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.

Published: November 20, 2019; 12:15:12 AM -05:00
(not available)
CVE-2019-15071

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

Published: November 19, 2019; 11:15:10 PM -05:00
(not available)
CVE-2019-6191

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

Published: November 19, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-6189

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

Published: November 19, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-6187

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Published: November 19, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-6186

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.

Published: November 19, 2019; 09:15:10 PM -05:00
(not available)