National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>
JSON Feed 1.0 Released
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-12815 Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current... read CVE-2018-12815
    Published: July 20, 2018; 03:29:02 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2019-9835 The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.
    Published: March 15, 2019; 02:29:00 PM -04:00

    V3: 9.6 CRITICAL
     V2: 5.8 MEDIUM

  • CVE-2017-9344 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2017-9343 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2017-9346 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 7.8 HIGH

  • CVE-2017-9345 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 7.8 HIGH

  • CVE-2017-9347 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-2919 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacke... read CVE-2018-2919
    Published: July 18, 2018; 09:29:01 AM -04:00

    V3: 6.1 MEDIUM
     V2: 5.8 MEDIUM

  • CVE-2018-2895 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerabilit... read CVE-2018-2895
    Published: July 18, 2018; 09:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 5.8 MEDIUM

  • CVE-2018-2897 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitabl... read CVE-2018-2897
    Published: July 18, 2018; 09:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 5.8 MEDIUM

  • CVE-2018-0769 Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memor... read CVE-2018-0769
    Published: January 04, 2018; 09:29:00 AM -05:00

    V3: 7.5 HIGH
     V2: 7.6 HIGH

  • CVE-2017-8635 Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte... read CVE-2017-8635
    Published: August 08, 2017; 05:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 7.6 HIGH

  • CVE-2017-8549 Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engin... read CVE-2017-8549
    Published: June 14, 2017; 09:29:04 PM -04:00

    V3: 7.5 HIGH
     V2: 7.6 HIGH

  • CVE-2017-8543 Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and... read CVE-2017-8543
    Published: June 14, 2017; 09:29:04 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2017-8548 Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engin... read CVE-2017-8548
    Published: June 14, 2017; 09:29:04 PM -04:00

    V3: 7.5 HIGH
     V2: 7.6 HIGH

  • CVE-2015-1417 The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET i... read CVE-2015-1417
    Published: July 25, 2017; 02:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2017-5208 Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of executi... read CVE-2017-5208
    Published: August 22, 2017; 02:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2017-14063 Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE... read CVE-2017-14063
    Published: August 31, 2017; 12:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-17161 In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a s... read CVE-2018-17161
    Published: January 03, 2019; 12:29:00 PM -05:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2018-15858 Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keym... read CVE-2018-15858
    Published: August 25, 2018; 05:29:02 PM -04:00

    V3: 5.5 MEDIUM
     V2: 2.1 LOW