National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,833 matching records.
Displaying matches 721 through 740.
Vuln ID Summary CVSS Severity
CVE-2019-5480

A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.

Published: September 03, 2019; 04:15:11 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-5479

An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file).

Published: September 03, 2019; 04:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-5478

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

Published: September 03, 2019; 04:15:11 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-5475

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Published: September 03, 2019; 04:15:11 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-6182

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.

Published: September 03, 2019; 03:15:10 PM -04:00
V3.0: 4.4 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-6181

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.

Published: September 03, 2019; 03:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-6180

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.

Published: September 03, 2019; 03:15:10 PM -04:00
V3.0: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2019-6179

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.

Published: September 03, 2019; 03:15:10 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-1125

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.

Published: September 03, 2019; 02:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.

Published: September 03, 2019; 02:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14261

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.

Published: September 03, 2019; 02:15:12 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-3754

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

Published: September 03, 2019; 01:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-3751

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim?s data in transit.

Published: September 03, 2019; 01:15:11 PM -04:00
V3.0: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2019-14817

A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Published: September 03, 2019; 12:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-14811

A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Published: September 03, 2019; 12:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-13156

NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.

Published: September 03, 2019; 11:15:11 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-10197

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

Published: September 03, 2019; 11:15:11 AM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.

Published: September 03, 2019; 09:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15872

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.

Published: September 03, 2019; 09:15:11 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15871

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.

Published: September 03, 2019; 09:15:10 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM