National Vulnerability Database


Search Results

There are 122,875 matching records.
Displaying matches 1601 through 1620.
Vuln ID Summary CVSS Severity
CVE-2019-4433

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.

Published: August 20, 2019; 03:15:16 PM -04:00
V3.0: 8.2 HIGH
    V2: 6.4 MEDIUM
CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.

Published: August 20, 2019; 03:15:12 PM -04:00
V3.0: 5.7 MEDIUM
    V2: 3.5 LOW
CVE-2019-4420

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.

Published: August 20, 2019; 03:15:12 PM -04:00
V3.0: 6.2 MEDIUM
    V2: 2.1 LOW
CVE-2019-4419

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.

Published: August 20, 2019; 03:15:12 PM -04:00
V3.0: 8.2 HIGH
    V2: 6.4 MEDIUM
CVE-2019-4402

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-4310

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 161034.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-4294

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-4253

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-4117

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-4049

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-3753

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.

Published: August 20, 2019; 03:15:11 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-10745

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-1796

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-1636

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 6.7 MEDIUM
    V2: 7.2 HIGH
CVE-2018-1635

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 6.7 MEDIUM
    V2: 7.2 HIGH
CVE-2018-1634

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 6.7 MEDIUM
    V2: 7.2 HIGH
CVE-2018-1633

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 6.7 MEDIUM
    V2: 7.2 HIGH
CVE-2018-1632

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.

Published: August 20, 2019; 03:15:10 PM -04:00
V3.0: 6.7 MEDIUM
    V2: 7.2 HIGH