National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,096 matching records.
Displaying matches 1501 through 1520.
Vuln ID Summary CVSS Severity
CVE-2019-5691

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-5690

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-5689

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-4645

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-4581

IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-4556

IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-4509

IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-4470

IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-4454

IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.

Published: November 08, 2019; 09:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-4450

IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.

Published: November 08, 2019; 09:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-4412

IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.

Published: November 08, 2019; 09:15:10 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-4411

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

Published: November 08, 2019; 09:15:10 PM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-4334

IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.

Published: November 08, 2019; 09:15:10 PM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-1721

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.

Published: November 08, 2019; 09:15:10 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-13543

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.

Published: November 08, 2019; 03:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.

Published: November 08, 2019; 03:15:10 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-13535

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN?not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.

Published: November 08, 2019; 03:15:10 PM -05:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2019-13531

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN?not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

Published: November 08, 2019; 03:15:10 PM -05:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2019-3426

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.

Published: November 08, 2019; 02:15:10 PM -05:00
V3.1: 8.8 HIGH
    V2: 7.5 HIGH
CVE-2019-3425

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.

Published: November 08, 2019; 02:15:10 PM -05:00
V3.1: 8.8 HIGH
    V2: 7.5 HIGH