The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2019-20917 - An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerabili... read CVE-2019-20917
Published: September 11, 2020; 1:15:12 AM -0400V3.1: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
-
CVE-2020-15785 - A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attack... read CVE-2020-15785
Published: September 09, 2020; 3:15:19 PM -0400V3.1: 5.3 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2018-6589 - CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
Published: May 01, 2018; 2:29:00 PM -0400V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2020-15702 - TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed pr... read CVE-2020-15702
Published: August 06, 2020; 7:15:11 PM -0400V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
-
CVE-2018-6588 - CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
Published: March 29, 2018; 9:29:00 AM -0400V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2018-6587 - CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
Published: March 29, 2018; 9:29:00 AM -0400V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2018-6586 - CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
Published: March 29, 2018; 9:29:00 AM -0400V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2023-23749 - The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary ... read CVE-2023-23749
Published: January 17, 2023; 3:15:11 PM -0500V3.1: 7.5 HIGH
-
CVE-2017-3080 - Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
Published: July 17, 2017; 9:18:26 AM -0400V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2017-3071 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
Published: May 09, 2017; 12:29:00 PM -0400 -
CVE-2017-3072 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
Published: May 09, 2017; 12:29:00 PM -0400 -
CVE-2017-3070 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
Published: May 09, 2017; 12:29:00 PM -0400 -
CVE-2017-3069 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
Published: May 09, 2017; 12:29:00 PM -0400 -
CVE-2017-3068 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
Published: May 09, 2017; 12:29:00 PM -0400 -
CVE-2017-2998 - Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.
Published: March 14, 2017; 12:59:00 PM -0400 -
CVE-2017-2927 - Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
Published: January 10, 2017; 11:59:00 PM -0500 -
CVE-2019-11539 - In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX befo... read CVE-2019-11539
Published: April 25, 2019; 10:29:00 PM -0400V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
-
CVE-2019-11540 - In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
Published: April 25, 2019; 10:29:00 PM -0400V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
-
CVE-2019-11541 - In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
Published: April 25, 2019; 10:29:00 PM -0400V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2019-10475 - A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
Published: October 23, 2019; 9:15:11 AM -0400V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM