National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-8389 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet...
    Published: August 15, 2018; 01:29:08 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2018-0410 A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. T...
    Published: August 15, 2018; 04:29:00 PM -04:00

    V3: 8.6 HIGH
    V2: 7.8 HIGH

  • CVE-2018-0412 A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthentic...
    Published: August 15, 2018; 04:29:00 PM -04:00

  • CVE-2018-15120 libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
    Published: August 24, 2018; 03:29:01 PM -04:00

  • CVE-2018-15528 Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens...
    Published: August 21, 2018; 12:29:00 PM -04:00

  • CVE-2018-1000216 Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, de...
    Published: August 20, 2018; 04:29:00 PM -04:00

  • CVE-2018-15685 GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code...
    Published: August 23, 2018; 01:29:00 AM -04:00

  • CVE-2018-1140 A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All version...
    Published: August 22, 2018; 10:29:00 AM -04:00

  • CVE-2017-14447 An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ov...
    Published: August 06, 2018; 01:29:01 PM -04:00

  • CVE-2018-1999046 A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.
    Published: August 23, 2018; 02:29:00 PM -04:00

  • CVE-2018-1000215 Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in l...
    Published: August 20, 2018; 04:29:00 PM -04:00

  • CVE-2018-1999044 A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
    Published: August 23, 2018; 02:29:00 PM -04:00

  • CVE-2018-5240 The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are n...
    Published: July 25, 2018; 12:29:00 PM -04:00

  • CVE-2018-11063 Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a...
    Published: August 10, 2018; 04:29:00 PM -04:00

  • CVE-2018-11048 Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious us...
    Published: August 10, 2018; 04:29:00 PM -04:00

  • CVE-2016-8526 Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the c...
    Published: August 06, 2018; 04:29:00 PM -04:00

  • CVE-2018-10931 It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context...
    Published: August 09, 2018; 04:29:00 PM -04:00

  • CVE-2018-11454 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC...
    Published: August 07, 2018; 11:29:00 AM -04:00

  • CVE-2018-11453 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC...
    Published: August 07, 2018; 11:29:00 AM -04:00

  • CVE-2017-2654 jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful...
    Published: August 06, 2018; 06:29:00 PM -04:00