National Vulnerability Database

Search Results

There are 127,098 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2019-19316

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

Published: December 02, 2019; 04:15:16 PM -05:00
(not available)
CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass of some of the security products.

Published: December 02, 2019; 04:15:16 PM -05:00
(not available)
CVE-2012-5562

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

Published: December 02, 2019; 02:15:11 PM -05:00
(not available)
CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

Published: December 02, 2019; 01:15:10 PM -05:00
(not available)
CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

Published: December 02, 2019; 01:15:10 PM -05:00
(not available)
CVE-2012-4576

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

Published: December 02, 2019; 01:15:10 PM -05:00
(not available)
CVE-2012-4526

piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)

Published: December 02, 2019; 01:15:09 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-4525

piwigo has XSS in password.php

Published: December 02, 2019; 01:15:09 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-4480

mom creates world-writable pid files in /var/run

Published: December 02, 2019; 01:15:09 PM -05:00
(not available)
CVE-2012-4428

openslp: SLPIntersectStringList() function has a DoS vulnerability

Published: December 02, 2019; 01:15:09 PM -05:00
(not available)
CVE-2019-19507

In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Published: December 02, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-19021

An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.

Published: December 02, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-19020

An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.

Published: December 02, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-19019

An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.

Published: December 02, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-19018

An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.

Published: December 02, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-19017

An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.

Published: December 02, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-19016

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.

Published: December 02, 2019; 12:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19015

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.

Published: December 02, 2019; 12:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.

Published: December 02, 2019; 12:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-12518

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.

Published: December 02, 2019; 12:15:12 PM -05:00
(not available)