National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>BETA JSON Vulnerability Feeds Now Available!</strong>
New Data Feeds
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-7774 The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.
    Published: July 03, 2018; 10:29:01 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-7769 The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
    Published: July 03, 2018; 10:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-7768 The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.
    Published: July 03, 2018; 10:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-7767 The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.
    Published: July 03, 2018; 10:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-7766 The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
    Published: July 03, 2018; 10:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-7765 The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.
    Published: July 03, 2018; 10:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-7475 Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
    Published: June 30, 2018; 10:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-13040 OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
    Published: July 01, 2018; 02:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-8802 SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
    Published: March 26, 2018; 05:29:00 PM -04:00

    V3: 8.1 HIGH
     V2: 6.5 MEDIUM

  • CVE-2018-1000204 ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fix... read CVE-2018-1000204
    Published: June 26, 2018; 10:29:02 AM -04:00

    V3: 5.3 MEDIUM
     V2: 6.3 MEDIUM

  • CVE-2018-0331 A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS)... read CVE-2018-0331
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 6.1 MEDIUM

  • CVE-2018-0330 A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is du... read CVE-2018-0330
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 6.5 MEDIUM

  • CVE-2018-0307 A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker c... read CVE-2018-0307
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-0301 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input... read CVE-2018-0301
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2018-0298 A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web... read CVE-2018-0298
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 7.8 HIGH

  • CVE-2018-0295 A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is du... read CVE-2018-0295
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 7.8 HIGH

  • CVE-2018-0294 A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the af... read CVE-2018-0294
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 6.7 MEDIUM
     V2: 7.2 HIGH

  • CVE-2018-0293 A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user c... read CVE-2018-0293
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-0292 A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also... read CVE-2018-0292
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 8.3 HIGH

  • CVE-2018-0291 A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerabili... read CVE-2018-0291
    Published: June 20, 2018; 05:29:00 PM -04:00

    V3: 6.5 MEDIUM
     V2: 6.8 MEDIUM