National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

JSON 1.1 Vulnerability Feed Soon!!!
JSON 1.1 Vulnerability Feed Announcement
CVSS 3.1 Support Coming Soon!
CVSS Version 3.1 Support Coming Soon!
XML Vulnerability Feeds Retirement
XML Vulnerability Feeds Retirement


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2019-15047 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.
    Published: August 14, 2019; 12:15:12 PM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2019-15049 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.
    Published: August 14, 2019; 12:15:12 PM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2019-15048 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.
    Published: August 14, 2019; 12:15:12 PM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2019-15050 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.
    Published: August 14, 2019; 12:15:12 PM -04:00

    V3: 7.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2019-15120 The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
    Published: August 16, 2019; 11:15:11 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-5237 Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
    Published: August 08, 2019; 01:15:11 PM -04:00

    V3: 7.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2019-1150 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE... read CVE-2019-1150
    Published: August 14, 2019; 05:15:14 PM -04:00

    V3: 8.8 HIGH
     V2: 9.3 HIGH

  • CVE-2019-14948 The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
    Published: August 12, 2019; 11:15:12 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2019-1151 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE... read CVE-2019-1151
    Published: August 14, 2019; 05:15:14 PM -04:00

    V3: 8.8 HIGH
     V2: 9.3 HIGH

  • CVE-2019-1144 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1145, CVE-2019-1149, CVE... read CVE-2019-1144
    Published: August 14, 2019; 05:15:14 PM -04:00

    V3: 8.8 HIGH
     V2: 9.3 HIGH

  • CVE-2017-18515 The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
    Published: August 14, 2019; 10:15:14 AM -04:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2017-18548 The note-press plugin before 0.1.2 for WordPress has SQL injection.
    Published: August 16, 2019; 10:15:09 AM -04:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2015-9306 The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
    Published: August 12, 2019; 11:15:11 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2015-9303 The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.
    Published: August 12, 2019; 12:15:12 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2016-10878 The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
    Published: August 12, 2019; 11:15:11 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-1152 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE... read CVE-2019-1152
    Published: August 14, 2019; 05:15:15 PM -04:00

    V3: 8.8 HIGH
     V2: 9.3 HIGH

  • CVE-2017-18499 The simple-membership plugin before 3.5.7 for WordPress has XSS.
    Published: August 12, 2019; 12:15:12 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2017-18506 The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
    Published: August 12, 2019; 11:15:11 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-5223 PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.
    Published: August 13, 2019; 05:15:12 PM -04:00

    V3: 7.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2019-14221 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
    Published: August 08, 2019; 09:15:12 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW