National Vulnerability Database

Search Results

There are 126,429 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2011-2922

ktsuss versions 1.4 and prior spawn the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.

Published: November 19, 2019; 02:15:14 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

Published: November 19, 2019; 01:15:10 PM -05:00
(not available)
CVE-2016-1000236

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

Published: November 19, 2019; 12:15:11 PM -05:00
V3.1: 4.4 MEDIUM
    V2: 3.5 LOW
CVE-2012-6135

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

Published: November 19, 2019; 12:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2012-6071

nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.

Published: November 19, 2019; 12:15:11 PM -05:00
(not available)
CVE-2012-6070

Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.

Published: November 19, 2019; 12:15:11 PM -05:00
(not available)
CVE-2011-2921

ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges.

Published: November 19, 2019; 12:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2014-5439

sniffit 0.3.7 and prior: A configuration file can be leveraged to execute code as root.

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2012-0843

uzbl: Information disclosure via world-readable cookies storage file

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2012-0824

gnusound 0.7.5 has a format string issue.

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2011-4968

The nginx http proxy module does not verify the peer identity of the https origin server, which could facilitate a man-in-the-middle (MITM) attack.

Published: November 19, 2019; 11:15:11 AM -05:00
(not available)
CVE-2011-4967

tog-Pegasus has a package hash collision DoS vulnerability

Published: November 19, 2019; 11:15:10 AM -05:00
(not available)
CVE-2011-4954

cobbler has a local privilege escalation via the use of an insecure location for PYTHON_EGG_CACHE.

Published: November 19, 2019; 11:15:10 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework

Published: November 19, 2019; 11:15:10 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2011-4919

mpack 1.6 has information disclosure via eavesdropping on mails sent by other users

Published: November 19, 2019; 11:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.

Published: November 19, 2019; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2012-0842

surf: the cookie jar is readable by other local users.

Published: November 19, 2019; 10:15:10 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-16861

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.

Published: November 19, 2019; 08:15:11 AM -05:00
V3.1: 7.3 HIGH
    V2: 6.9 MEDIUM
CVE-2019-16860

Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine.

Published: November 19, 2019; 08:15:11 AM -05:00
V3.1: 7.3 HIGH
    V2: 6.9 MEDIUM
CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, has cookies that could be susceptible to a padding attack.

Published: November 18, 2019; 06:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM