National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,151 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-4663

IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-4521

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-4244

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-4095

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.

Published: December 10, 2019; 11:15:13 AM -05:00
(not available)
CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

Published: December 10, 2019; 10:15:12 AM -05:00
(not available)
CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4184

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4133

kde-workspace before 4.10.5 has a memory leak in plasma desktop

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4120

Katello has a Denial of Service vulnerability in API OAuth authentication

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2183

Monkey HTTP Daemon has local security bypass

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2167

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-2159

Monkey HTTP Daemon: broken user name authentication

Published: December 10, 2019; 10:15:11 AM -05:00
(not available)
CVE-2014-3656

JBoss KeyCloak: XSS in login-status-iframe.html

Published: December 10, 2019; 09:15:11 AM -05:00
(not available)
CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

Published: December 10, 2019; 09:15:10 AM -05:00
(not available)
CVE-2013-1793

openstack-utils openstack-db has insecure password creation

Published: December 10, 2019; 09:15:10 AM -05:00
(not available)
CVE-2013-0293

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation

Published: December 10, 2019; 09:15:10 AM -05:00
(not available)
CVE-2019-19698

marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.

Published: December 10, 2019; 02:15:11 AM -05:00
(not available)
CVE-2019-4621

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

Published: December 09, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.

Published: December 09, 2019; 06:15:11 PM -05:00
(not available)