National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 125,780 matching records.
Displaying matches 781 through 800.
Vuln ID Summary CVSS Severity
CVE-2019-4546

After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-4339

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-4330

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-4329

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-4314

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-4311

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-4309

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-4307

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.

Published: October 28, 2019; 08:15:11 PM -04:00
V3.1: 7.8 HIGH
    V2: 2.1 LOW
CVE-2019-4306

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.

Published: October 28, 2019; 08:15:10 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 6.4 MEDIUM
CVE-2019-18189

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

Published: October 28, 2019; 04:15:11 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-18188

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.

Published: October 28, 2019; 04:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18187

Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.

Published: October 28, 2019; 04:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-15725

An XML External Entity Injection vulnerability exists in Dzone AnswerHub.

Published: October 28, 2019; 03:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-17181

A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.

Published: October 28, 2019; 01:15:19 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-14450

A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.

Published: October 28, 2019; 01:15:19 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2012-5577

Python keyring lib before 0.10 created keyring files with world-readable permissions.

Published: October 28, 2019; 01:15:19 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-5538

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

Published: October 28, 2019; 12:15:14 PM -04:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5537

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

Published: October 28, 2019; 12:15:14 PM -04:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5536

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Published: October 28, 2019; 12:15:14 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 3.5 LOW
CVE-2019-3636

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.

Published: October 28, 2019; 11:15:21 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM