National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2019-17672 — WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
    Published: October 17, 2019; 09:15:11 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-17673 — WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
    Published: October 17, 2019; 09:15:11 AM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-17674 — WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
    Published: October 17, 2019; 09:15:11 AM -04:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-17675 — WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
    Published: October 17, 2019; 09:15:11 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-0073 — The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks...
    Published: October 09, 2019; 04:15:18 PM -04:00

    V3.1: 7.1 HIGH
        V2: 2.1 LOW

  • CVE-2019-10447 — Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-17546 — tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
    Published: October 13, 2019; 10:15:11 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-16522 — The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color...
    Published: October 16, 2019; 11:15:15 AM -04:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-15258 — A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to impr...
    Published: October 16, 2019; 03:15:13 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 6.8 MEDIUM

  • CVE-2019-2946 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
    Published: October 16, 2019; 02:15:29 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-10449 — Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 8.8 HIGH
        V2: 4.0 MEDIUM

  • CVE-2019-2884 — Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Difficult to exploit vulnerability allows unauthenticated a...
    Published: October 16, 2019; 02:15:26 PM -04:00

    V3.1: 5.9 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-2935 — Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
    Published: October 16, 2019; 02:15:29 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-10450 — Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 3.3 LOW
        V2: 2.1 LOW

  • CVE-2019-2923 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with...
    Published: October 16, 2019; 02:15:28 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-10452 — Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:13 AM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-10453 — Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: October 16, 2019; 10:15:13 AM -04:00

    V3.1: 7.8 HIGH
        V2: 2.1 LOW

  • CVE-2019-10446 — Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 8.2 HIGH
        V2: 6.4 MEDIUM

  • CVE-2019-10445 — A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-10448 — Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 8.8 HIGH
        V2: 4.0 MEDIUM