National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,316 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2019-17401

** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.

Published: October 09, 2019; 03:15:14 PM -04:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-17092

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.

Published: October 09, 2019; 03:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17399

The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.

Published: October 09, 2019; 02:15:09 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-17389

In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.

Published: October 09, 2019; 01:15:10 PM -04:00
(not available)
CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

Published: October 09, 2019; 12:15:17 PM -04:00
(not available)
CVE-2019-6469

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

Published: October 09, 2019; 12:15:17 PM -04:00
(not available)
CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

Published: October 09, 2019; 12:15:16 PM -04:00
(not available)
CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Published: October 09, 2019; 12:15:16 PM -04:00
(not available)
CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.

Published: October 09, 2019; 12:15:16 PM -04:00
(not available)
CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.

Published: October 09, 2019; 12:15:16 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-4512

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

Published: October 09, 2019; 12:15:16 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-3653

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.

Published: October 09, 2019; 12:15:16 PM -04:00
(not available)
CVE-2019-3652

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Published: October 09, 2019; 12:15:16 PM -04:00
(not available)
CVE-2019-17385

The animate-it plugin before 2.3.5 for WordPress has XSS.

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17384

The animate-it plugin before 2.3.4 for WordPress has XSS.

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17383

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.

Published: October 09, 2019; 12:15:15 PM -04:00
(not available)
CVE-2019-17380

cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17379

cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17378

cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17377

cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM