National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2015-3908 Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary val... read CVE-2015-3908
    Published: August 12, 2015; 10:59:21 AM -04:00

  • CVE-2018-0387 A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does no... read CVE-2018-0387
    Published: July 18, 2018; 07:29:01 PM -04:00

    V3: 8.8 HIGH
    V2: 9.3 HIGH

  • CVE-2015-6240 The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
    Published: June 07, 2017; 04:29:00 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2013-4260 lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
    Published: September 16, 2013; 03:14:39 PM -04:00

    V2: 3.3 LOW

  • CVE-2014-3498 The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
    Published: June 08, 2017; 02:29:00 PM -04:00

  • CVE-2018-1503 IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
    Published: July 23, 2018; 09:29:00 AM -04:00

  • CVE-2018-14527 Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).
    Published: July 23, 2018; 04:29:00 AM -04:00

  • CVE-2018-14551 The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
    Published: July 23, 2018; 04:29:00 AM -04:00

  • CVE-2018-8018 Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vul... read CVE-2018-8018
    Published: July 19, 2018; 09:29:04 PM -04:00

  • CVE-2017-7468 In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resu... read CVE-2017-7468
    Published: July 16, 2018; 09:29:00 AM -04:00

  • CVE-2018-7602 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability... read CVE-2018-7602
    Published: July 19, 2018; 01:29:00 PM -04:00

  • CVE-2018-14606 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
    Published: July 26, 2018; 10:29:00 PM -04:00

  • CVE-2018-1002208 sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
    Published: July 25, 2018; 01:29:02 PM -04:00

  • CVE-2018-1002202 zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
    Published: July 25, 2018; 01:29:00 PM -04:00

  • CVE-2018-5536 A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.
    Published: July 25, 2018; 10:29:00 AM -04:00

  • CVE-2018-1002201 zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
    Published: July 25, 2018; 01:29:00 PM -04:00

  • CVE-2018-1002204 adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip... read CVE-2018-1002204
    Published: July 25, 2018; 01:29:01 PM -04:00

  • CVE-2018-1002206 SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
    Published: July 25, 2018; 01:29:01 PM -04:00

  • CVE-2018-14605 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
    Published: July 26, 2018; 10:29:00 PM -04:00

  • CVE-2018-14604 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
    Published: July 26, 2018; 10:29:00 PM -04:00