National Vulnerability Database

Search Results

There are 126,250 matching records.
Displaying matches 461 through 480.
Vuln ID Summary CVSS Severity
CVE-2019-16949

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.

Published: November 13, 2019; 01:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2013-4657

Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.

Published: November 13, 2019; 01:15:10 PM -05:00
(not available)
CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

Published: November 13, 2019; 01:15:10 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5294

There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.

Published: November 13, 2019; 12:15:14 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-5293

Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal.

Published: November 13, 2019; 12:15:14 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-5289

Gauss100 OLTP database in ManageOne with versions of 6.5.0 has an out-of-bounds read vulnerability due to insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.

Published: November 13, 2019; 12:15:14 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-16948

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.

Published: November 13, 2019; 12:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-8167

vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack.

Published: November 13, 2019; 12:15:13 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-4385

letodms 3.3.6 has CSRF via change password

Published: November 13, 2019; 12:15:13 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5292

Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.

Published: November 13, 2019; 11:15:11 AM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-18931

Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.

Published: November 13, 2019; 11:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-18930

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of the functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.

Published: November 13, 2019; 11:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-18929

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.

Published: November 13, 2019; 11:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-15948

Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.

Published: November 13, 2019; 11:15:11 AM -05:00
(not available)
CVE-2014-3655

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

Published: November 13, 2019; 11:15:10 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-3592

OpenShift Origin: Improperly validated team names could allow stored XSS attacks

Published: November 13, 2019; 11:15:10 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-4655

Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.

Published: November 13, 2019; 11:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2013-4654

Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.

Published: November 13, 2019; 11:15:10 AM -05:00
(not available)
CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

Published: November 13, 2019; 11:15:10 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5288

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.

Published: November 13, 2019; 10:15:10 AM -05:00
V3.1: 7.8 HIGH
    V2: 9.3 HIGH