National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,761 matching records.
Displaying matches 681 through 700.
Vuln ID Summary CVSS Severity
CVE-2015-9382

FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

Published: September 03, 2019; 01:15:10 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9381

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

Published: September 03, 2019; 01:15:10 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15847

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Published: September 02, 2019; 07:15:10 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15842

The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15841

The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15840

The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15839

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15838

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15837

The webp-express plugin before 0.14.8 for WordPress has stored XSS.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-15836

The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-15835

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15834

The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.

Published: August 30, 2019; 01:15:12 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15630

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.

Published: August 30, 2019; 01:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-12810

A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.

Published: August 30, 2019; 01:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-2390

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.

Published: August 30, 2019; 11:15:11 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.

Published: August 30, 2019; 11:15:10 AM -04:00
V3.0: 6.3 MEDIUM
    V2: 3.3 LOW
CVE-2019-15026

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.

Published: August 30, 2019; 11:15:10 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15833

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.

Published: August 30, 2019; 10:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15832

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.

Published: August 30, 2019; 10:15:10 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15831

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.

Published: August 30, 2019; 10:15:10 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM