National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,459 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-4426

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.

Published: December 13, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19787

ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.

Published: December 13, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19786

ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.

Published: December 13, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-19785

ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.

Published: December 13, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-14344

TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.

Published: December 13, 2019; 11:15:11 AM -05:00
(not available)
CVE-2019-5291

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

Published: December 13, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-5290

Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.

Published: December 13, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-5251

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.

Published: December 13, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-5250

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.

Published: December 13, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-5248

CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.

Published: December 13, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-19397

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.

Published: December 13, 2019; 10:15:11 AM -05:00
(not available)
CVE-2019-17599

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

Published: December 13, 2019; 09:15:12 AM -05:00
(not available)
CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates

Published: December 13, 2019; 09:15:12 AM -05:00
(not available)
CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

Published: December 13, 2019; 09:15:11 AM -05:00
(not available)
CVE-2014-1867

suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution

Published: December 13, 2019; 09:15:11 AM -05:00
(not available)
CVE-2019-19501

VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.

Published: December 13, 2019; 08:15:11 AM -05:00
(not available)
CVE-2019-18838

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.

Published: December 13, 2019; 08:15:11 AM -05:00
(not available)
CVE-2019-18802

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.

Published: December 13, 2019; 08:15:11 AM -05:00
(not available)
CVE-2019-18801

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.

Published: December 13, 2019; 08:15:11 AM -05:00
(not available)
CVE-2019-13347

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.

Published: December 13, 2019; 08:15:11 AM -05:00
(not available)