National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,051 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-7193

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Published: December 05, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-7192

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-7185

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator´┐Żs management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.

Published: December 05, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-7184

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator´┐Żs management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.

Published: December 05, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-7183

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.

Published: December 05, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-19466

SCEditor 2.1.3 allows XSS.

Published: December 05, 2019; 12:15:12 PM -05:00
(not available)
CVE-2013-0326

OpenStack nova base images permissions are world readable

Published: December 05, 2019; 12:15:11 PM -05:00
(not available)
CVE-2013-0283

Katello: Username in Notification page has cross site scripting

Published: December 05, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-3690

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.

Published: December 05, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19595

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

Published: December 05, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19594

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

Published: December 05, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19007

Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.

Published: December 05, 2019; 11:15:10 AM -05:00
(not available)
CVE-2019-15897

beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).

Published: December 05, 2019; 11:15:10 AM -05:00
(not available)
CVE-2019-11255

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

Published: December 05, 2019; 11:15:10 AM -05:00
(not available)
CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

Published: December 05, 2019; 11:15:10 AM -05:00
(not available)
CVE-2013-0243

haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections

Published: December 05, 2019; 11:15:10 AM -05:00
(not available)
CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.

Published: December 05, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-17437

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Published: December 05, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-14910

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

Published: December 05, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-0163

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

Published: December 05, 2019; 10:15:11 AM -05:00
(not available)