National Vulnerability Database

Search Results

There are 133,234 matching records.
Displaying matches 701 through 720.
Vuln ID Summary CVSS Severity
CVE-2019-19351

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.

Published: March 18, 2020; 01:15:11 PM -04:00
V3.1: 7.0 HIGH
    V2: 4.4 MEDIUM
CVE-2019-19335

During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.

Published: March 18, 2020; 12:15:11 PM -04:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2019-14871

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

Published: March 18, 2020; 12:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-10178

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

Published: March 18, 2020; 12:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-9326

BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.

Published: March 18, 2020; 11:15:12 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-11689

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.

Published: March 18, 2020; 11:15:11 AM -04:00
V3.1: 8.1 HIGH
    V2: 9.3 HIGH
CVE-2019-11688

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.

Published: March 18, 2020; 11:15:11 AM -04:00
V3.1: 7.4 HIGH
    V2: 8.8 HIGH
CVE-2019-10682

django-nopassword before 5.0.0 stores cleartext secrets in the database.

Published: March 18, 2020; 11:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-10146

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.

Published: March 18, 2020; 11:15:11 AM -04:00
V3.1: 4.7 MEDIUM
    V2: 2.6 LOW
CVE-2020-9325

Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.

Published: March 18, 2020; 10:15:17 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9324

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.

Published: March 18, 2020; 10:15:17 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9323

Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.

Published: March 18, 2020; 10:15:16 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-6976

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation.

Published: March 18, 2020; 10:15:16 AM -04:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-4199

IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.

Published: March 18, 2020; 10:15:16 AM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-9443

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.

Published: March 18, 2020; 09:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-7002

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file.

Published: March 18, 2020; 09:15:12 AM -04:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-14884

A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS is possible from some fatal error messages.

Published: March 18, 2020; 09:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14883

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.

Published: March 18, 2020; 09:15:12 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14882

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

Published: March 18, 2020; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-14881

A vulnerability was found in Moodle 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.

Published: March 18, 2020; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM