National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,097 matching records.
Displaying matches 1601 through 1620.
Vuln ID Summary CVSS Severity
CVE-2019-16873

Portainer before 1.22.1 has XSS (issue 1 of 2).

Published: November 07, 2019; 10:15:10 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ?<!ENTITY? and thus allowing for an xml external entity processing (XXE) attack.

Published: November 07, 2019; 10:15:10 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

Published: November 07, 2019; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-18804

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Published: November 07, 2019; 01:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15004

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Published: November 06, 2019; 11:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 4.3 MEDIUM
CVE-2019-15003

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Published: November 06, 2019; 11:15:10 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16401

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

Published: November 06, 2019; 06:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2019-16400

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks.

Published: November 06, 2019; 06:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2019-18411

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.

Published: November 06, 2019; 05:15:10 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-12419

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.

Published: November 06, 2019; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".

Published: November 06, 2019; 04:15:11 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-9014

Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.

Published: November 06, 2019; 04:15:10 PM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2014-9013

The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.

Published: November 06, 2019; 04:15:10 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2011-2808

A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.

Published: November 06, 2019; 04:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5125

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.

Published: November 06, 2019; 03:15:10 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5100

An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability.

Published: November 06, 2019; 03:15:10 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5099

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability.

Published: November 06, 2019; 03:15:10 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5084

An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability.

Published: November 06, 2019; 03:15:10 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-20853

An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.

Published: November 06, 2019; 03:15:09 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2014-3180

** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.

Published: November 06, 2019; 03:15:09 PM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM