National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,447 matching records.
Displaying matches 821 through 840.
Vuln ID Summary CVSS Severity
CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

Published: November 12, 2019; 09:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-18882

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.

Published: November 11, 2019; 10:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18881

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.

Published: November 11, 2019; 10:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18874

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

Published: November 11, 2019; 09:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.

Published: November 11, 2019; 09:15:10 PM -05:00
V3.1: 9.0 CRITICAL
    V2: 8.5 HIGH
CVE-2019-18862

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

Published: November 11, 2019; 11:15:12 AM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-18857

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.

Published: November 11, 2019; 10:15:12 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18856

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.

Published: November 11, 2019; 10:15:12 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18855

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.

Published: November 11, 2019; 10:15:12 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18854

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

Published: November 11, 2019; 10:15:12 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18853

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.

Published: November 11, 2019; 10:15:12 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18852

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.

Published: November 11, 2019; 09:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

Published: November 10, 2019; 11:15:10 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18841

Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.

Published: November 10, 2019; 08:15:10 PM -05:00
V3.1: 7.3 HIGH
    V2: 7.5 HIGH
CVE-2019-18836

Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."

Published: November 10, 2019; 08:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18845

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

Published: November 09, 2019; 01:15:10 PM -05:00
V3.1: 7.1 HIGH
    V2: 3.6 LOW
CVE-2019-18840

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.

Published: November 09, 2019; 08:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2009-5004

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

Published: November 08, 2019; 11:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.

Published: November 08, 2019; 10:15:10 PM -05:00
V3.1: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2009-3614

liboping 1.3.2 allows users reading arbitrary files upon the local system.

Published: November 08, 2019; 10:15:10 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW