National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-13277 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The r...
    Published: July 09, 2019; 05:15:10 PM -04:00

  • CVE-2019-10340 A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs...
    Published: July 11, 2019; 10:15:10 AM -04:00

  • CVE-2019-12537 An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
    Published: July 11, 2019; 10:15:11 AM -04:00

  • CVE-2019-12540 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
    Published: July 11, 2019; 10:15:11 AM -04:00

  • CVE-2019-13280 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated us...
    Published: July 09, 2019; 03:15:12 PM -04:00

  • CVE-2014-3798 The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
    Published: July 11, 2019; 04:15:10 PM -04:00

  • CVE-2019-13029 Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
    Published: July 11, 2019; 03:15:13 PM -04:00

  • CVE-2019-13464 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are in...
    Published: July 09, 2019; 03:15:12 PM -04:00

  • CVE-2019-0330 The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior o...
    Published: July 10, 2019; 04:15:12 PM -04:00

  • CVE-2019-13142 The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any use...
    Published: July 09, 2019; 02:15:11 PM -04:00

  • CVE-2019-10349 A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
    Published: July 11, 2019; 10:15:10 AM -04:00

  • CVE-2018-15738 An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F.
    Published: July 09, 2019; 09:15:11 AM -04:00

  • CVE-2019-10347 Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: July 11, 2019; 10:15:10 AM -04:00

  • CVE-2019-10346 A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin.
    Published: July 11, 2019; 10:15:10 AM -04:00

  • CVE-2017-6900 An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the pote...
    Published: July 03, 2019; 01:15:09 PM -04:00

  • CVE-2019-10348 Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: July 11, 2019; 10:15:10 AM -04:00

  • CVE-2019-5602 In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom de...
    Published: July 03, 2019; 03:15:12 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-11062 The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.
    Published: July 11, 2019; 03:15:12 PM -04:00

  • CVE-2019-5601 In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as...
    Published: July 03, 2019; 03:15:12 PM -04:00

  • CVE-2019-10351 Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: July 11, 2019; 10:15:11 AM -04:00