National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 125,880 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-18957

Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.

Published: November 14, 2019; 09:15:11 AM -05:00
(not available)
CVE-2019-18895

Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.

Published: November 14, 2019; 09:15:11 AM -05:00
(not available)
CVE-2019-18885

fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.

Published: November 14, 2019; 09:15:11 AM -05:00
(not available)
CVE-2019-18949

SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.

Published: November 13, 2019; 10:15:11 PM -05:00
(not available)
CVE-2019-16863

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

Published: November 13, 2019; 10:15:11 PM -05:00
(not available)
CVE-2011-1930

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

Published: November 13, 2019; 10:15:10 PM -05:00
(not available)
CVE-2011-1588

Thunar 1.2 through 1.2.1 could crash when copy and pasting a file name with % format characters due to a format string error.

Published: November 13, 2019; 09:15:10 PM -05:00
(not available)
CVE-2011-1490

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset

Published: November 13, 2019; 09:15:10 PM -05:00
(not available)
CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.

Published: November 13, 2019; 09:15:10 PM -05:00
(not available)
CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time.

Published: November 13, 2019; 09:15:10 PM -05:00
(not available)
CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

Published: November 13, 2019; 09:15:10 PM -05:00
(not available)
CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

Published: November 13, 2019; 08:15:10 PM -05:00
(not available)
CVE-2011-1070

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

Published: November 13, 2019; 08:15:10 PM -05:00
(not available)
CVE-2019-3663

Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system.

Published: November 13, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-3662

Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.

Published: November 13, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-3661

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.

Published: November 13, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-3640

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.

Published: November 13, 2019; 07:15:11 PM -05:00
(not available)
CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.

Published: November 13, 2019; 07:15:11 PM -05:00
(not available)
CVE-2011-0544

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

Published: November 13, 2019; 07:15:10 PM -05:00
(not available)
CVE-2019-5029

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

Published: November 13, 2019; 06:15:12 PM -05:00
(not available)