National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,696 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-16170

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2019-16057

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2019-13474

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2017-18634

The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2016-10956

The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16334

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16321

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16320

Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16319

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.

Published: September 14, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16317

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.

Published: September 14, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16307

A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).

Published: September 14, 2019; 01:15:10 PM -04:00
(not available)
CVE-2019-16314

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16313

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16312

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)
CVE-2019-16311

NIUSHOP V1.11 has CSRF via search_info to index.php.

Published: September 14, 2019; 12:15:10 PM -04:00
(not available)