National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,106 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2019-19496

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.

Published: December 01, 2019; 11:15:10 PM -05:00
(not available)
CVE-2019-19493

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

Published: December 01, 2019; 10:15:11 PM -05:00
(not available)
CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

Published: December 01, 2019; 10:15:11 PM -05:00
(not available)
CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

Published: December 01, 2019; 09:15:13 PM -05:00
(not available)
CVE-2019-19491

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.

Published: December 01, 2019; 09:15:13 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19490

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

Published: December 01, 2019; 09:15:13 PM -05:00
(not available)
CVE-2019-19489

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.

Published: December 01, 2019; 09:15:13 PM -05:00
(not available)
CVE-2019-15631

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

Published: December 01, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-19481

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

Published: December 01, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-19480

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.

Published: December 01, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-19479

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

Published: December 01, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-18609

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Published: December 01, 2019; 05:15:10 PM -05:00
(not available)
CVE-2019-19469

In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.

Published: December 01, 2019; 09:15:10 AM -05:00
(not available)
CVE-2019-19269

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Published: November 30, 2019; 06:15:18 PM -05:00
(not available)
CVE-2019-19468

Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.

Published: November 30, 2019; 02:15:11 PM -05:00
(not available)
CVE-2019-19464

The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.

Published: November 29, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-19463

The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.

Published: November 29, 2019; 09:15:10 PM -05:00
(not available)
CVE-2013-7484

Zabbix before 5.0 represents passwords in the users table with unsalted MD5.

Published: November 29, 2019; 09:15:10 PM -05:00
(not available)
CVE-2019-19462

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.

Published: November 29, 2019; 08:15:10 PM -05:00
(not available)
CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.

Published: November 29, 2019; 06:15:10 PM -05:00
(not available)