National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-8455 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows...
    Published: September 12, 2018; 08:29:05 PM -04:00

  • CVE-2018-8475 A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,...
    Published: September 12, 2018; 08:29:07 PM -04:00

  • CVE-2018-9081 For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add...
    Published: September 28, 2018; 04:29:01 PM -04:00

  • CVE-2018-17868 DASAN H660GW devices have Stored XSS in the Port Forwarding functionality.
    Published: October 01, 2018; 07:29:00 PM -04:00

  • CVE-2018-17595 In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
    Published: October 02, 2018; 02:29:02 PM -04:00

  • CVE-2018-17596 In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
    Published: October 02, 2018; 02:29:02 PM -04:00

  • CVE-2018-17886 An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete...
    Published: October 02, 2018; 02:29:02 PM -04:00

  • CVE-2018-17947 The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.
    Published: October 03, 2018; 04:29:00 AM -04:00

  • CVE-2018-17876 A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.
    Published: October 04, 2018; 03:29:00 PM -04:00

  • CVE-2018-17946 The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.
    Published: October 03, 2018; 04:29:00 AM -04:00

  • CVE-2016-0750 The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code executi...
    Published: September 11, 2018; 09:29:00 AM -04:00

  • CVE-2016-7068 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which mi...
    Published: September 11, 2018; 09:29:00 AM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2016-7071 It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they...
    Published: September 10, 2018; 11:29:00 AM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2016-7074 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing ch...
    Published: September 11, 2018; 09:29:01 AM -04:00

  • CVE-2016-7073 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing ch...
    Published: September 11, 2018; 09:29:01 AM -04:00

  • CVE-2016-7066 It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
    Published: September 11, 2018; 10:29:00 AM -04:00

  • CVE-2018-8332 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R...
    Published: September 12, 2018; 08:29:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-8430 A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.
    Published: September 12, 2018; 08:29:03 PM -04:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-8331 A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
    Published: September 12, 2018; 08:29:00 PM -04:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-10937 A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
    Published: September 11, 2018; 12:29:00 PM -04:00