National Vulnerability Database

Search Results

There are 127,097 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2019-12394

Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.

Published: December 02, 2019; 12:15:12 PM -05:00
(not available)
CVE-2019-12393

Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.

Published: December 02, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-12392

Anviz access control devices allow remote attackers to issue commands without a password.

Published: December 02, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-12391

The Anviz Management System for access control has insufficient logging for device events such as door open requests.

Published: December 02, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-12390

Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.

Published: December 02, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-12389

Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.

Published: December 02, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-12388

Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.

Published: December 02, 2019; 12:15:11 PM -05:00
(not available)
CVE-2019-19502

pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 for CKEditor mishandles certain characters in pathnames.

Published: December 02, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-15628

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

Published: December 02, 2019; 11:15:12 AM -05:00
(not available)
CVE-2019-19245

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.

Published: December 02, 2019; 09:15:10 AM -05:00
(not available)
CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)

Published: December 02, 2019; 09:15:10 AM -05:00
(not available)
CVE-2019-19496

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.

Published: December 01, 2019; 11:15:10 PM -05:00
(not available)
CVE-2019-19493

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

Published: December 01, 2019; 10:15:11 PM -05:00
(not available)
CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

Published: December 01, 2019; 10:15:11 PM -05:00
(not available)
CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

Published: December 01, 2019; 09:15:13 PM -05:00
(not available)
CVE-2019-19491

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.

Published: December 01, 2019; 09:15:13 PM -05:00
V3.1: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-19490

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

Published: December 01, 2019; 09:15:13 PM -05:00
(not available)
CVE-2019-19489

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.

Published: December 01, 2019; 09:15:13 PM -05:00
(not available)
CVE-2019-15631

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

Published: December 01, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-19481

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

Published: December 01, 2019; 06:15:10 PM -05:00
(not available)