National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,156 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

Published: December 10, 2019; 02:15:14 PM -05:00
(not available)
CVE-2019-6192

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2019-6183

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2013-1689

Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.

Published: December 10, 2019; 01:15:09 PM -05:00
(not available)
CVE-2019-4663

IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.

Published: December 10, 2019; 11:15:13 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-4521

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-4244

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-4095

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

Published: December 10, 2019; 10:15:12 AM -05:00
(not available)
CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4184

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4133

kde-workspace before 4.10.5 has a memory leak in plasma desktop

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4120

Katello has a Denial of Service vulnerability in API OAuth authentication

Published: December 10, 2019; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-2183

Monkey HTTP Daemon has local security bypass

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2167

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2159

Monkey HTTP Daemon: broken user name authentication

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2014-3656

JBoss KeyCloak: XSS in login-status-iframe.html

Published: December 10, 2019; 09:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

Published: December 10, 2019; 09:15:10 AM -05:00
(not available)