National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 131,372 matching records.
Displaying matches 1221 through 1240.
Vuln ID Summary CVSS Severity
CVE-2019-4541

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.

Published: February 04, 2020; 12:15:12 PM -05:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2019-4540

IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.

Published: February 04, 2020; 12:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-4451

IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.

Published: February 04, 2020; 12:15:12 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-19273

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Published: February 04, 2020; 11:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-9674

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

Published: February 04, 2020; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19968

PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.

Published: February 04, 2020; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2013-2678

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.

Published: February 04, 2020; 10:15:11 AM -05:00
V3.1: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2013-2676

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.

Published: February 04, 2020; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-7055

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

Published: February 04, 2020; 09:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2013-7054

D-Link DIR-100 4.03B07: cli.cgi XSS

Published: February 04, 2020; 09:15:12 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-7053

D-Link DIR-100 4.03B07: cli.cgi CSRF

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2013-7052

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2013-7051

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2013-1422

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2012-5686

ZPanel 10.0.1 has insufficient entropy for its password reset process.

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2012-5618

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2011-4912

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

Published: February 04, 2020; 08:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2011-3629

Joomla! core 1.7.1 allows information disclosure due to weak encryption

Published: February 04, 2020; 08:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-3939

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.

Published: February 04, 2020; 12:15:12 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM