National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-18938 An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
    Published: November 05, 2018; 04:29:00 AM -05:00

  • CVE-2011-4596 Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball o...
    Published: December 23, 2011; 05:55:00 PM -05:00

  • CVE-2012-4456 The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete...
    Published: October 09, 2012; 11:55:01 AM -04:00

    V2: 7.5 HIGH

  • CVE-2013-0270 OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
    Published: April 12, 2013; 06:55:01 PM -04:00

  • CVE-2013-0282 OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass acc...
    Published: April 12, 2013; 06:55:01 PM -04:00

  • CVE-2013-2256 OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors...
    Published: September 16, 2013; 03:14:38 PM -04:00

  • CVE-2013-6437 The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which tri...
    Published: March 06, 2014; 10:55:28 AM -05:00

  • CVE-2014-8333 The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
    Published: October 31, 2014; 10:55:07 AM -04:00

  • CVE-2018-16549 HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.
    Published: September 05, 2018; 05:29:03 PM -04:00

  • CVE-2018-14813 In Fuji Electric V-Server 4.0.3.0 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
    Published: September 26, 2018; 04:29:00 PM -04:00

  • CVE-2014-3517 api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-for...
    Published: August 07, 2014; 07:13:34 AM -04:00

  • CVE-2018-17588 AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
    Published: October 02, 2018; 02:29:01 PM -04:00

  • CVE-2018-17589 AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
    Published: October 02, 2018; 02:29:01 PM -04:00

  • CVE-2018-17830 The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_i...
    Published: October 01, 2018; 04:29:01 AM -04:00

  • CVE-2018-17587 AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
    Published: October 02, 2018; 02:29:01 PM -04:00

  • CVE-2018-17835 An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
    Published: October 01, 2018; 04:29:01 AM -04:00

  • CVE-2018-18939 An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
    Published: November 05, 2018; 04:29:00 AM -05:00

  • CVE-2018-1541 IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...
    Published: October 24, 2018; 08:29:00 AM -04:00

  • CVE-2018-1683 IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.
    Published: September 26, 2018; 11:29:00 AM -04:00

  • CVE-2018-1702 IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive...
    Published: September 28, 2018; 09:29:00 AM -04:00