National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,288 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.

Published: October 10, 2019; 03:15:10 PM -04:00
(not available)
CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

Published: October 10, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-5535

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

Published: October 10, 2019; 01:15:18 PM -04:00
(not available)
CVE-2019-5527

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Published: October 10, 2019; 01:15:18 PM -04:00
(not available)
CVE-2019-17454

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.

Published: October 10, 2019; 01:15:17 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17453

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.

Published: October 10, 2019; 01:15:17 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17452

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.

Published: October 10, 2019; 01:15:17 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17451

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

Published: October 10, 2019; 01:15:17 PM -04:00
(not available)
CVE-2019-17450

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Published: October 10, 2019; 01:15:17 PM -04:00
(not available)
CVE-2015-9480

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.

Published: October 10, 2019; 01:15:16 PM -04:00
(not available)
CVE-2015-9479

The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.

Published: October 10, 2019; 01:15:16 PM -04:00
(not available)
CVE-2015-9478

prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.

Published: October 10, 2019; 01:15:16 PM -04:00
(not available)
CVE-2015-9477

The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9476

The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9475

The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9474

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9473

The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9472

The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9471

The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)
CVE-2015-9470

The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.

Published: October 10, 2019; 01:15:15 PM -04:00
(not available)