National Vulnerability Database

Search Results

There are 129,492 matching records.
Displaying matches 1301 through 1320.
Vuln ID Summary CVSS Severity
CVE-2019-6024

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

Published: December 26, 2019; 11:15:12 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-6023

Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.

Published: December 26, 2019; 11:15:12 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-6022

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-6021

Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-6020

Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-6019

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-6018

Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-6017

REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-6016

Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-6014

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 8.3 HIGH
CVE-2019-6013

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.6 MEDIUM
    V2: 6.8 MEDIUM
CVE-2019-6012

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2019-6011

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 26, 2019; 11:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-6008

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 - R3.77.00), Exaplog (R1.10.00 - R3.40.00), Exaquantum (R1.10.00 - R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 - R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 - R3.05.01), and InsightSuiteAE (R1.01.00 - R1.06.00)) allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges.

Published: December 26, 2019; 11:15:10 AM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-19681

** DISPUTED ** Pandora FMS 7.x suffers from a remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands.

Published: December 26, 2019; 11:15:10 AM -05:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-15695

TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to start writing their values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

Published: December 26, 2019; 11:15:10 AM -05:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2019-19542

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.

Published: December 26, 2019; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-19541

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.

Published: December 26, 2019; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-19540

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.

Published: December 26, 2019; 10:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15694

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

Published: December 26, 2019; 10:15:11 AM -05:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM