National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,108 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2013-4486

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

Published: December 03, 2019; 10:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 6.8 MEDIUM
CVE-2013-4411

Review Board: URL processing gives unauthorized users access to review lists

Published: December 03, 2019; 10:15:11 AM -05:00
(not available)
CVE-2013-4235

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Published: December 03, 2019; 10:15:10 AM -05:00
(not available)
CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications

Published: December 03, 2019; 09:15:10 AM -05:00
(not available)
CVE-2013-2106

webauth before 4.6.1 has authentication credential disclosure

Published: December 03, 2019; 09:15:10 AM -05:00
(not available)
CVE-2013-2103

OpenShift cartridge allows remote URL retrieval

Published: December 03, 2019; 09:15:09 AM -05:00
(not available)
CVE-2013-2101

Katello has multiple XSS issues in various entities

Published: December 03, 2019; 09:15:09 AM -05:00
(not available)
CVE-2019-3666

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.

Published: December 03, 2019; 06:15:11 AM -05:00
(not available)
CVE-2019-3665

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.

Published: December 03, 2019; 06:15:10 AM -05:00
(not available)
CVE-2019-19516

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.

Published: December 02, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-19316

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

Published: December 02, 2019; 04:15:16 PM -05:00
(not available)
CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

Published: December 02, 2019; 04:15:16 PM -05:00
(not available)
CVE-2012-5562

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

Published: December 02, 2019; 02:15:11 PM -05:00
(not available)
CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

Published: December 02, 2019; 01:15:10 PM -05:00
(not available)
CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

Published: December 02, 2019; 01:15:10 PM -05:00
(not available)
CVE-2012-4576

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

Published: December 02, 2019; 01:15:10 PM -05:00
(not available)
CVE-2012-4526

piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)

Published: December 02, 2019; 01:15:09 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-4525

piwigo has XSS in password.php

Published: December 02, 2019; 01:15:09 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-4480

mom creates world-writable pid files in /var/run

Published: December 02, 2019; 01:15:09 PM -05:00
(not available)
CVE-2012-4428

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Published: December 02, 2019; 01:15:09 PM -05:00
(not available)