National Vulnerability Database

Search Results

There are 124,690 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2019-14424

A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.

Published: October 17, 2019; 10:15:10 AM -04:00
(not available)
CVE-2019-14423

A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.

Published: October 17, 2019; 10:15:10 AM -04:00
(not available)
CVE-2019-17676

app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17675

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17674

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17673

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17672

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.

Published: October 17, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-17671

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

Published: October 17, 2019; 09:15:10 AM -04:00
(not available)
CVE-2019-17670

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

Published: October 17, 2019; 09:15:10 AM -04:00
(not available)
CVE-2019-17669

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Published: October 17, 2019; 09:15:10 AM -04:00
(not available)
CVE-2019-17668

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector.

Published: October 17, 2019; 08:15:12 AM -04:00
(not available)
CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.

Published: October 17, 2019; 07:15:11 AM -04:00
(not available)
CVE-2019-17666

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.

Published: October 16, 2019; 10:15:13 PM -04:00
(not available)
CVE-2019-17611

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-17610

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-17609

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-17608

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-17607

HongCMS 3.0.0 has XSS via the install/index.php servername parameter.

Published: October 16, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-17665

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

Published: October 16, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17664

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory.

Published: October 16, 2019; 04:15:11 PM -04:00
(not available)