National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-6319 In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Scre...
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2018-6318 In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation...
    Published: February 02, 2018; 04:29:00 PM -05:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-6317 The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2018-5261 An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive...
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2016-0342 IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2016-0329 Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirec...
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2016-0312 IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2016-0311 Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Forc...
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2016-0303 Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2016-0300 IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2015-2796 Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2014-1835 The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.
    Published: February 02, 2018; 04:29:00 PM -05:00

    V3: 7.8 HIGH
    V2: 2.1 LOW

  • CVE-2014-1834 The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.
    Published: February 02, 2018; 04:29:00 PM -05:00

  • CVE-2018-6581 SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
    Published: February 02, 2018; 12:29:00 PM -05:00

  • CVE-2018-6580 Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
    Published: February 02, 2018; 12:29:00 PM -05:00

  • CVE-2018-6579 SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
    Published: February 02, 2018; 12:29:00 PM -05:00

  • CVE-2018-6578 SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
    Published: February 02, 2018; 12:29:00 PM -05:00

  • CVE-2018-6577 SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
    Published: February 02, 2018; 12:29:00 PM -05:00

  • CVE-2018-6576 SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
    Published: February 02, 2018; 12:29:00 PM -05:00

  • CVE-2018-6575 SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
    Published: February 02, 2018; 12:29:00 PM -05:00