National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,348 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-19248

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-19247

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-19198

The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-17358

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-16246

Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.

Published: December 12, 2019; 09:15:16 AM -05:00
(not available)
CVE-2019-15936

Intesync Solismed 3.3sp allows Insecure File Upload.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-15935

Intesync Solismed 3.3sp has XSS.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-15934

Intesync Solismed 3.3sp has CSRF.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-15933

Intesync Solismed 3.3sp has SQL Injection.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-15932

Intesync Solismed 3.3sp has Incorrect Access Control.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-15931

Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-15930

Intesync Solismed 3.3sp allows Clickjacking.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-13945

A vulnerability has been identified in S7-1200 CPU (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published: December 12, 2019; 09:15:15 AM -05:00
(not available)
CVE-2019-13927

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published: December 12, 2019; 09:15:14 AM -05:00
(not available)
CVE-2019-2338

Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Published: December 12, 2019; 04:15:13 AM -05:00
(not available)
CVE-2019-2337

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Published: December 12, 2019; 04:15:13 AM -05:00
(not available)
CVE-2019-2321

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130

Published: December 12, 2019; 04:15:13 AM -05:00
(not available)