National Vulnerability Database

Search Results

There are 121,214 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-15291

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

Published: August 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-15290

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver.

Published: August 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-15233

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

Published: August 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-15082

The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS.

Published: August 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14687

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 that, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical, to CVE-2019-14684.

Published: August 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14684

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 that, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical, to CVE-2019-14687.

Published: August 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14430

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

Published: August 20, 2019; 10:15:10 AM -04:00
(not available)
CVE-2019-11806

OX App Suite 7.10.1 and earlier has Insecure Permissions.

Published: August 20, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-11522

OX App Suite 7.10.0 to 7.10.2 allows XSS.

Published: August 20, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-11521

OX App Suite 7.10.1 allows Content Spoofing.

Published: August 20, 2019; 09:15:11 AM -04:00
(not available)
CVE-2018-20975

Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.

Published: August 20, 2019; 09:15:11 AM -04:00
(not available)
CVE-2019-12889

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet-facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.

Published: August 20, 2019; 08:15:10 AM -04:00
(not available)
CVE-2019-15239

In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.

Published: August 20, 2019; 04:15:11 AM -04:00
(not available)
CVE-2019-15227

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.

Published: August 20, 2019; 01:15:10 AM -04:00
(not available)
CVE-2019-15237

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

Published: August 19, 2019; 09:15:09 PM -04:00
(not available)
CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

Published: August 19, 2019; 08:15:10 PM -04:00
(not available)
CVE-2019-15231

Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This is different from CVE-2019-15107. NOTE: as of 2019-08-19, the vendor reports that "at some point" malicious code was inserted into their build infrastructure, but was not inserted into any GitHub repository.

Published: August 19, 2019; 08:15:10 PM -04:00
(not available)
CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Published: August 19, 2019; 08:15:10 PM -04:00
(not available)
CVE-2019-15228

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

Published: August 19, 2019; 08:15:10 PM -04:00
(not available)
CVE-2019-15225

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.

Published: August 19, 2019; 07:15:10 PM -04:00
(not available)