National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>BETA JSON Vulnerability Feeds Now Available!</strong>
New Data Feeds
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-8225 A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wind... read CVE-2018-8225
    Published: June 14, 2018; 08:29:01 AM -04:00

    V3: 8.1 HIGH
     V2: 9.3 HIGH

  • CVE-2018-8210 A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows... read CVE-2018-8210
    Published: June 14, 2018; 08:29:01 AM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-8207 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200... read CVE-2018-8207
    Published: June 14, 2018; 08:29:00 AM -04:00

    V3: 4.7 MEDIUM
     V2: 1.9 LOW

  • CVE-2018-8205 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Serve... read CVE-2018-8205
    Published: June 14, 2018; 08:29:00 AM -04:00

    V3: 5.5 MEDIUM
     V2: 4.9 MEDIUM

  • CVE-2018-8169 An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Win... read CVE-2018-8169
    Published: June 14, 2018; 08:29:00 AM -04:00

    V3: 7.0 HIGH
     V2: 6.9 MEDIUM

  • CVE-2018-1040 A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows... read CVE-2018-1040
    Published: June 14, 2018; 08:29:00 AM -04:00

    V3: 5.3 MEDIUM
     V2: 5.4 MEDIUM

  • CVE-2018-1036 An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,... read CVE-2018-1036
    Published: June 14, 2018; 08:29:00 AM -04:00

    V3: 7.0 HIGH
     V2: 6.9 MEDIUM

  • CVE-2018-5101 A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
    Published: June 11, 2018; 05:29:12 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-5100 A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
    Published: June 11, 2018; 05:29:12 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-8008 Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cp... read CVE-2018-8008
    Published: June 05, 2018; 03:29:00 PM -04:00

    V3: 5.5 MEDIUM
     V2: 5.8 MEDIUM

  • CVE-2018-11194 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-11193 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-11192 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-11191 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-11190 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-11189 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-11188 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 6.5 MEDIUM

  • CVE-2018-11187 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 6.5 MEDIUM

  • CVE-2018-11186 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 6.5 MEDIUM

  • CVE-2018-11185 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
    Published: June 01, 2018; 09:29:04 PM -04:00

    V3: 8.8 HIGH
     V2: 6.5 MEDIUM