National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,325 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2011-5331

Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.

Published: November 18, 2019; 01:15:09 PM -05:00
(not available)
CVE-2011-5330

Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.

Published: November 18, 2019; 01:15:09 PM -05:00
(not available)
CVE-2019-19113

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

Published: November 18, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-10172

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Published: November 18, 2019; 12:15:11 PM -05:00
(not available)
CVE-2018-21031

Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to bypass intended access control because X-Plex-Token is mishandled, and can be retrieved from Tautulli.

Published: November 18, 2019; 12:15:10 PM -05:00
(not available)
CVE-2019-19085

A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML.

Published: November 18, 2019; 11:15:12 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.

Published: November 18, 2019; 11:15:12 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-17058

Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file.

Published: November 18, 2019; 11:15:11 AM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.5 MEDIUM
CVE-2019-17057

Footy Tipping Software AFL Web Edition 2019 allows XSS.

Published: November 18, 2019; 11:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14467

The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.

Published: November 18, 2019; 11:15:11 AM -05:00
(not available)
CVE-2018-13257

The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.

Published: November 18, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19083

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19082

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19081

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19080

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19079

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19078

A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19077

A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19076

A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19075

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH