National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2017-18211 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
    Published: March 01, 2018; 04:29:00 PM -05:00

  • CVE-2017-18029 In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
    Published: January 12, 2018; 03:29:00 PM -05:00

  • CVE-2017-18028 In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.
    Published: January 12, 2018; 03:29:00 PM -05:00

  • CVE-2017-18027 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
    Published: January 12, 2018; 03:29:00 PM -05:00

  • CVE-2017-18008 In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
    Published: January 01, 2018; 03:29:00 AM -05:00

  • CVE-2018-18898 The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
    Published: March 21, 2019; 12:00:29 PM -04:00

  • CVE-2018-15906 SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
    Published: March 21, 2019; 12:00:21 PM -04:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2018-18435 KioWare Server 4.9.6 allows local users to gain privileges by replacing \kioware_com\KWSS.exe with a Trojan horse program, because \kioware_com has "Everyone: (F)" permissions.
    Published: March 21, 2019; 12:00:28 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-18607 An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols...
    Published: October 23, 2018; 01:29:00 PM -04:00

  • CVE-2018-16519 COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets.
    Published: March 21, 2019; 12:00:22 PM -04:00

  • CVE-2018-19511 wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
    Published: March 21, 2019; 12:00:31 PM -04:00

  • CVE-2018-20121 Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
    Published: March 21, 2019; 12:00:34 PM -04:00

  • CVE-2018-12638 An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...
    Published: March 21, 2019; 12:00:14 PM -04:00

  • CVE-2018-19510 subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
    Published: March 21, 2019; 12:00:31 PM -04:00

  • CVE-2018-19509 wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by t...
    Published: March 21, 2019; 12:00:31 PM -04:00

  • CVE-2018-20635 PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
    Published: March 21, 2019; 12:00:36 PM -04:00

  • CVE-2018-20634 PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.
    Published: March 21, 2019; 12:00:36 PM -04:00

  • CVE-2018-20633 PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
    Published: March 21, 2019; 12:00:36 PM -04:00

  • CVE-2018-20632 PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
    Published: March 21, 2019; 12:00:36 PM -04:00

  • CVE-2019-6727 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
    Published: March 21, 2019; 12:01:09 PM -04:00