National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 129,385 matching records.
Displaying matches 1341 through 1360.
Vuln ID Summary CVSS Severity
CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

Published: December 20, 2019; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2012-6094

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

Published: December 20, 2019; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 6.8 MEDIUM
CVE-2016-1000229

swagger-ui has XSS in key names

Published: December 20, 2019; 09:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes

Published: December 20, 2019; 09:15:11 AM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-5639

LibreOffice and OpenOffice automatically open embedded content

Published: December 20, 2019; 09:15:11 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

Published: December 20, 2019; 09:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-19908

phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.

Published: December 20, 2019; 08:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19789

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.

Published: December 20, 2019; 08:15:11 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-19141

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.

Published: December 19, 2019; 06:15:16 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-19915

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.

Published: December 19, 2019; 05:15:13 PM -05:00
V3.1: 9.0 CRITICAL
    V2: 6.0 MEDIUM
CVE-2019-19342

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.

Published: December 19, 2019; 04:15:14 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19341

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.

Published: December 19, 2019; 04:15:14 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-19340

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Published: December 19, 2019; 04:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user.

Published: December 19, 2019; 04:15:13 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user.

Published: December 19, 2019; 04:15:13 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-17527

dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.

Published: December 19, 2019; 04:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-16871

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

Published: December 19, 2019; 04:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 9.3 HIGH
CVE-2019-8256

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

Published: December 19, 2019; 03:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-8255

Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: December 19, 2019; 03:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-8254

Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: December 19, 2019; 03:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 9.3 HIGH