National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 129,698 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-15278

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Published: January 26, 2020; 12:15:11 AM -05:00
(not available)
CVE-2019-15255

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Published: January 26, 2020; 12:15:11 AM -05:00
(not available)
CVE-2019-12629

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

Published: January 26, 2020; 12:15:11 AM -05:00
(not available)
CVE-2019-12619

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

Published: January 26, 2020; 12:15:10 AM -05:00
(not available)
CVE-2020-7981

sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.

Published: January 25, 2020; 03:15:09 PM -05:00
(not available)
CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.

Published: January 25, 2020; 02:15:12 PM -05:00
(not available)
CVE-2020-7596

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.

Published: January 25, 2020; 02:15:12 PM -05:00
(not available)
CVE-2013-1744

IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.

Published: January 25, 2020; 02:15:11 PM -05:00
(not available)
CVE-2012-6613

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

Published: January 25, 2020; 02:15:11 PM -05:00
(not available)
CVE-2012-6494

Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.

Published: January 25, 2020; 02:15:10 PM -05:00
(not available)
CVE-2012-6345

Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.

Published: January 25, 2020; 02:15:10 PM -05:00
(not available)
CVE-2012-6344

Novell ZENworks Configuration Management before 11.2.4 allows XSS.

Published: January 25, 2020; 02:15:10 PM -05:00
(not available)
CVE-2019-5183

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Published: January 25, 2020; 01:15:12 PM -05:00
(not available)
CVE-2019-5147

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Published: January 25, 2020; 01:15:12 PM -05:00
(not available)
CVE-2019-5146

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Published: January 25, 2020; 01:15:12 PM -05:00
(not available)
CVE-2019-5124

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Published: January 25, 2020; 01:15:12 PM -05:00
(not available)
CVE-2020-5226

Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field.

Published: January 24, 2020; 05:15:23 PM -05:00
(not available)
CVE-2015-9541

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

Published: January 24, 2020; 05:15:12 PM -05:00
(not available)
CVE-2014-9630

The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.

Published: January 24, 2020; 05:15:12 PM -05:00
(not available)
CVE-2014-9629

Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.

Published: January 24, 2020; 05:15:12 PM -05:00
(not available)