National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,229 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2019-13732

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 10, 2019; 05:15:13 PM -05:00
(not available)
CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 10, 2019; 05:15:13 PM -05:00
(not available)
CVE-2019-13729

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 10, 2019; 05:15:13 PM -05:00
(not available)
CVE-2019-13728

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 10, 2019; 05:15:12 PM -05:00
(not available)
CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Published: December 10, 2019; 05:15:12 PM -05:00
(not available)
CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Published: December 10, 2019; 05:15:12 PM -05:00
(not available)
CVE-2019-13725

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Published: December 10, 2019; 05:15:12 PM -05:00
(not available)
CVE-2019-5843

Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 10, 2019; 04:15:16 PM -05:00
(not available)
CVE-2019-5841

Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 10, 2019; 04:15:16 PM -05:00
(not available)
CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.

Published: December 10, 2019; 04:15:15 PM -05:00
(not available)
CVE-2019-13672

Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.

Published: December 10, 2019; 04:15:14 PM -05:00
(not available)
CVE-2019-19703

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

Published: December 10, 2019; 03:15:17 PM -05:00
(not available)
CVE-2019-19702

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.

Published: December 10, 2019; 03:15:17 PM -05:00
(not available)
CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

Published: December 10, 2019; 02:15:14 PM -05:00
(not available)
CVE-2019-6192

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2019-6183

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2013-1689

Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2019-4663

IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.

Published: December 10, 2019; 11:15:13 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-4521

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)