Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-19998 |
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Published: December 25, 2019; 11:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19985 |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-19984 |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2019-19983 |
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 3.5 LOW |
CVE-2019-19982 |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-19981 |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19980 |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-19979 |
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. Published: December 25, 2019; 10:15:11 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-19977 |
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. Published: December 25, 2019; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-18288 |
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. Published: December 25, 2019; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-19967 |
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. Published: December 25, 2019; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19966 |
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. Published: December 24, 2019; 11:15:12 PM -0500 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 2.1 LOW |
CVE-2019-19965 |
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. Published: December 24, 2019; 11:15:12 PM -0500 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0: 1.9 LOW |
CVE-2019-19963 |
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. Published: December 24, 2019; 7:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19962 |
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. Published: December 24, 2019; 7:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19960 |
In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. Published: December 24, 2019; 7:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-5702 |
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. Published: December 24, 2019; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2019-19958 |
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. Published: December 24, 2019; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19957 |
In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. Published: December 24, 2019; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-10758 |
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. Published: December 24, 2019; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.9 CRITICAL V2.0: 9.0 HIGH |