National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,691 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16334

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16321

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16320

Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16319

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.

Published: September 14, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16317

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.

Published: September 14, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16307

A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).

Published: September 14, 2019; 01:15:10 PM -04:00
(not available)
CVE-2019-16314

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16313

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16312

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16311

NIUSHOP V1.11 has CSRF via search_info to index.php.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16310

NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16309

FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16294

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16305

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.

Published: September 14, 2019; 11:15:10 AM -04:00
(not available)
CVE-2019-16303

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.

Published: September 13, 2019; 08:15:10 PM -04:00
(not available)