National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,992 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2019-3756

RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.

Published: September 18, 2019; 07:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

Published: September 18, 2019; 07:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-3739

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

Published: September 18, 2019; 07:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

Published: September 18, 2019; 07:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-11778

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

Published: September 18, 2019; 07:15:10 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 5.5 MEDIUM
CVE-2019-11211

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Published: September 18, 2019; 07:15:10 PM -04:00
V3.1: 9.9 CRITICAL
    V2: 9.0 HIGH
CVE-2019-11210

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Published: September 18, 2019; 07:15:10 PM -04:00
V3.1: 10.0 CRITICAL
    V2: 10.0 HIGH
CVE-2019-5531

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user?s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.

Published: September 18, 2019; 06:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-13558

In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.

Published: September 18, 2019; 06:15:11 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 9.0 HIGH
CVE-2019-13556

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

Published: September 18, 2019; 06:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-11664

Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

Published: September 18, 2019; 06:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-11663

Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

Published: September 18, 2019; 06:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-11662

Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.

Published: September 18, 2019; 06:15:10 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-11661

Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.

Published: September 18, 2019; 06:15:10 PM -04:00
V3.1: 8.3 HIGH
    V2: 6.5 MEDIUM
CVE-2019-5534

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Published: September 18, 2019; 05:15:13 PM -04:00
V3.1: 7.7 HIGH
    V2: 4.0 MEDIUM
CVE-2019-5532

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Published: September 18, 2019; 05:15:13 PM -04:00
V3.1: 7.7 HIGH
    V2: 4.0 MEDIUM
CVE-2019-5067

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.

Published: September 18, 2019; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-5066

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.

Published: September 18, 2019; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-5042

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.

Published: September 18, 2019; 05:15:13 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15301

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.

Published: September 18, 2019; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH