National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-2028

Wed, 06/05/2019 - 21:29
IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
Categories: Security News

CVE-2019-4048

Wed, 06/05/2019 - 21:29
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

CVE-2019-4056

Wed, 06/05/2019 - 21:29
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

CVE-2019-4185 (infosphere_information_server, infosphere_information_server_on_cloud)

Wed, 06/05/2019 - 21:29
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.

CVE-2019-4201 (jazz_for_service_management)

Wed, 06/05/2019 - 21:29
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.

CVE-2019-4220 (infosphere_information_server_on_cloud, watson_knowledge_catalog)

Wed, 06/05/2019 - 21:29
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

CVE-2018-10171

Wed, 06/05/2019 - 18:29
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.

CVE-2019-12494

Wed, 06/05/2019 - 15:29
In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.

CVE-2019-6800

Wed, 06/05/2019 - 15:29
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.

CVE-2019-7671

Wed, 06/05/2019 - 15:29
Prima Systems FlexAir devices allow Authenticated Stored XSS.

CVE-2019-7672

Wed, 06/05/2019 - 15:29
Prima Systems FlexAir devices have Hard-coded Credentials.

CVE-2019-8385

Wed, 06/05/2019 - 15:29
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.

CVE-2019-9156

Wed, 06/05/2019 - 15:29
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.

CVE-2019-9157

Wed, 06/05/2019 - 15:29
Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.

CVE-2019-9158

Wed, 06/05/2019 - 15:29
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.

CVE-2019-11988 (smart_update_manager)

Wed, 06/05/2019 - 14:29
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.

CVE-2019-12196 (manageengine_netflow_analyzer)

Wed, 06/05/2019 - 14:29
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.

CVE-2019-12276

Wed, 06/05/2019 - 14:29
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

CVE-2019-5394

Wed, 06/05/2019 - 14:29
The HPE Nonstop Maintenance Entity family of products is vulnerable to local disclosure of information, such as system layout and configuration.

CVE-2019-9187

Wed, 06/05/2019 - 14:29
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
