National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 125,780 matching records.
Displaying matches 701 through 720.
Vuln ID Summary CVSS Severity
CVE-2010-0206

xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.

Published: October 30, 2019; 05:15:11 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18207

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.

Published: October 30, 2019; 03:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-18206

A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.

Published: October 30, 2019; 03:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-18205

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.

Published: October 30, 2019; 03:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18204

Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.

Published: October 30, 2019; 03:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2018-18678

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.

Published: October 30, 2019; 02:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-16417

Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.

Published: October 30, 2019; 01:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15682

RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5

Published: October 30, 2019; 12:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-7620

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

Published: October 30, 2019; 10:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-7619

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

Published: October 30, 2019; 10:15:11 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2018-5742

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.

Published: October 30, 2019; 10:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 4.3 MEDIUM
CVE-2018-5735

The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected.

Published: October 30, 2019; 10:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-8235

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.

Published: October 29, 2019; 08:15:12 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2010-2064

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

Published: October 29, 2019; 06:15:10 PM -04:00
V3.1: 7.1 HIGH
    V2: 3.6 LOW
CVE-2010-2061

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

Published: October 29, 2019; 06:15:10 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2012-0694

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Published: October 29, 2019; 05:15:10 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2010-1678

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

Published: October 29, 2019; 05:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-19151

qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

Published: October 29, 2019; 04:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command "shutdown -r -t 0" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further.

Published: October 29, 2019; 04:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user.

Published: October 29, 2019; 04:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM