National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>
JSON Feed 1.0 Released
Sign up to receive NVD News!
NVD News Google Group
XML Vulnerability Feed Retirement Timeline Update
XML Vulnerability Feeds Retirement


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2019-12155 interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.
    Published: May 24, 2019; 12:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-5803 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
    Published: May 23, 2019; 04:29:01 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-5801 Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
    Published: May 23, 2019; 04:29:01 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-5799 Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
    Published: May 23, 2019; 04:29:01 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-5800 Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
    Published: May 23, 2019; 04:29:01 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-7027 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary co... read CVE-2019-7027
    Published: May 24, 2019; 02:29:01 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2018-7780 In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set".
    Published: July 03, 2018; 10:29:01 AM -04:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2018-7781 In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.
    Published: July 03, 2018; 10:29:01 AM -04:00

    V3: 8.8 HIGH
     V2: 4.0 MEDIUM

  • CVE-2018-7782 In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.
    Published: July 03, 2018; 10:29:01 AM -04:00

    V3: 8.8 HIGH
     V2: 4.0 MEDIUM

  • CVE-2019-10854 Computrols CBAS 18.0.0 allows Authenticated Command Injection.
    Published: May 23, 2019; 03:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2019-10851 Computrols CBAS 18.0.0 has hard-coded encryption keys.
    Published: May 23, 2019; 03:29:00 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.0 MEDIUM

  • CVE-2019-10852 Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
    Published: May 23, 2019; 03:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 6.5 MEDIUM

  • CVE-2019-10849 Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
    Published: May 23, 2019; 04:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2016-8897 Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
    Published: May 23, 2019; 03:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2018-7829 An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.
    Published: May 22, 2019; 04:29:01 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2016-8899 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
    Published: May 23, 2019; 03:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2019-10846 Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
    Published: May 23, 2019; 04:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-10850 Computrols CBAS 18.0.0 has Default Credentials.
    Published: May 23, 2019; 04:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2019-10855 Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
    Published: May 23, 2019; 03:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-12044 A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10... read CVE-2019-12044
    Published: May 22, 2019; 12:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM