National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,108 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2019-19616

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.

Published: December 05, 2019; 10:15:10 PM -05:00
(not available)
CVE-2012-1592

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Published: December 05, 2019; 04:15:11 PM -05:00
(not available)
CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

Published: December 05, 2019; 04:15:11 PM -05:00
(not available)
CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

Published: December 05, 2019; 04:15:11 PM -05:00
(not available)
CVE-2019-19609

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

Published: December 05, 2019; 03:15:10 PM -05:00
(not available)
CVE-2019-16770

In Puma before version 4.3.2, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.

Published: December 05, 2019; 03:15:10 PM -05:00
(not available)
CVE-2019-16768

In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.

Published: December 05, 2019; 03:15:09 PM -05:00
(not available)
CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

Published: December 05, 2019; 02:15:15 PM -05:00
(not available)
CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

Published: December 05, 2019; 02:15:15 PM -05:00
(not available)
CVE-2019-5098

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Published: December 05, 2019; 01:15:14 PM -05:00
(not available)
CVE-2019-19546

Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Published: December 05, 2019; 01:15:12 PM -05:00
(not available)
CVE-2019-19545

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Published: December 05, 2019; 01:15:12 PM -05:00
(not available)
CVE-2019-18381

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Published: December 05, 2019; 01:15:12 PM -05:00
(not available)
CVE-2019-17388

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.

Published: December 05, 2019; 01:15:12 PM -05:00
(not available)
CVE-2019-17387

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

Published: December 05, 2019; 01:15:12 PM -05:00
(not available)
CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

Published: December 05, 2019; 01:15:12 PM -05:00
(not available)
CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-7193

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

Published: December 05, 2019; 12:15:13 PM -05:00
(not available)
CVE-2019-7192

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:12 PM -05:00
(not available)