National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,473 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2013-6880

Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.

Published: November 22, 2019; 01:15:10 PM -05:00
(not available)
CVE-2013-6811

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries.

Published: November 22, 2019; 01:15:10 PM -05:00
(not available)
CVE-2019-18976

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

Published: November 22, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-18790

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

Published: November 22, 2019; 12:15:11 PM -05:00
(not available)
CVE-2012-0877

PyXML: Hash table collisions CPU usage Denial of Service

Published: November 22, 2019; 12:15:11 PM -05:00
(not available)
CVE-2012-0812

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities

Published: November 22, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-4570

IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-4569

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-4243

IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-4216

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-4215

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-4214

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-3428

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users? information leakage.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-3427

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users? information leakage.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-19013

A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.

Published: November 22, 2019; 11:15:12 AM -05:00
(not available)
CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Published: November 22, 2019; 10:15:11 AM -05:00
(not available)
CVE-2015-5694

Designate does not enforce the DNS protocol limit concerning record set sizes

Published: November 22, 2019; 10:15:11 AM -05:00
(not available)
CVE-2015-1780

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

Published: November 22, 2019; 10:15:10 AM -05:00
(not available)
CVE-2014-3585

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

Published: November 22, 2019; 10:15:10 AM -05:00
(not available)
CVE-2012-3407

plow has local buffer overflow vulnerability

Published: November 22, 2019; 10:15:10 AM -05:00
(not available)