National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,146 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2016-5285

Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.

Published: November 15, 2019; 11:15:10 AM -05:00
(not available)
CVE-2009-5047

Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a letteral string.

Published: November 15, 2019; 11:15:09 AM -05:00
(not available)
CVE-2014-0023

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

Published: November 15, 2019; 10:15:11 AM -05:00
(not available)
CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Published: November 15, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-7089

ClamAV before 0.97.7: dbg_printhex possible information leak

Published: November 15, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-7088

ClamAV before 0.97.7 has buffer overflow in the libclamav component

Published: November 15, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-7087

ClamAV before 0.97.7 has WWPack corrupt heap memory

Published: November 15, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4584

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections

Published: November 15, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-14345

TemaTres 3.0 allows remote unprivileged users to create an administrator account

Published: November 15, 2019; 09:15:10 AM -05:00
(not available)
CVE-2019-14343

TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.

Published: November 15, 2019; 08:15:10 AM -05:00
(not available)
CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

Published: November 15, 2019; 07:15:10 AM -05:00
(not available)
CVE-2019-18987

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.

Published: November 15, 2019; 01:15:10 AM -05:00
(not available)
CVE-2019-18986

Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.

Published: November 15, 2019; 12:15:13 AM -05:00
(not available)
CVE-2019-18985

Pimcore before 6.2.2 lacks brute force protection for the 2FA token.

Published: November 15, 2019; 12:15:12 AM -05:00
(not available)
CVE-2019-18982

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.

Published: November 15, 2019; 12:15:12 AM -05:00
(not available)
CVE-2019-18981

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

Published: November 15, 2019; 12:15:12 AM -05:00
(not available)
CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

Published: November 14, 2019; 11:15:10 PM -05:00
(not available)
CVE-2019-11931

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Published: November 14, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-18980

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.

Published: November 14, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-18978

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Published: November 14, 2019; 04:15:12 PM -05:00
(not available)