Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-6468 | In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-6467 | A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0 -> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-6465 | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-4558 | A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-4512 | IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-3653 | Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-3652 | Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. Published: October 09, 2019; 12:15:16 PM -0400 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2019-17385 | The animate-it plugin before 2.3.5 for WordPress has XSS. Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17384 | The animate-it plugin before 2.3.4 for WordPress has XSS. Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17383 | The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-17380 | cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17379 | cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17378 | cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17377 | cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17376 | cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17375 | cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2019-17128 | Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application. Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-17124 | Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Published: October 09, 2019; 12:15:15 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-15859 | Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. Published: October 09, 2019; 12:15:14 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-15226 | Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack. Published: October 09, 2019; 12:15:14 PM -0400 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |