National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,705 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2019-17673

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17672

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17671

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

Published: October 17, 2019; 09:15:10 AM -04:00
(not available)
CVE-2019-17670

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

Published: October 17, 2019; 09:15:10 AM -04:00
(not available)
CVE-2019-17669

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Published: October 17, 2019; 09:15:10 AM -04:00
(not available)
CVE-2019-17668

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector.

Published: October 17, 2019; 08:15:12 AM -04:00
(not available)
CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.

Published: October 17, 2019; 07:15:11 AM -04:00
(not available)
CVE-2019-17666

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.

Published: October 16, 2019; 10:15:13 PM -04:00
(not available)
CVE-2019-17611

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17610

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17609

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17608

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17607

HongCMS 3.0.0 has XSS via the install/index.php servername parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17665

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

Published: October 16, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17664

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory.

Published: October 16, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-13116

The MuleSoft Mule runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.

Published: October 16, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17512

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.

Published: October 16, 2019; 03:15:16 PM -04:00
(not available)
CVE-2019-17436

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.

Published: October 16, 2019; 03:15:16 PM -04:00
(not available)
CVE-2019-17435

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.

Published: October 16, 2019; 03:15:16 PM -04:00
(not available)
CVE-2019-16700

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.

Published: October 16, 2019; 03:15:15 PM -04:00
(not available)