National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>
JSON Feed 1.0 Released
Sign up to receive NVD News!
NVD News Google Group
XML Vulnerability Feed Retirement Timeline Update
XML Vulnerability Feeds Retirement


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2019-12211 When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
    Published: May 20, 2019; 12:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-1000 An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this,... read CVE-2019-1000
    Published: May 16, 2019; 03:29:05 PM -04:00

    V3: 5.3 MEDIUM
     V2: 3.5 LOW

  • CVE-2019-1821 A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying o... read CVE-2019-1821
    Published: May 15, 2019; 09:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2019-1823 A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying o... read CVE-2019-1823
    Published: May 15, 2019; 09:29:00 PM -04:00

    V3: 7.2 HIGH
     V2: 9.0 HIGH

  • CVE-2019-12213 When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
    Published: May 20, 2019; 12:29:01 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-20007 Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, o... read CVE-2018-20007
    Published: May 16, 2019; 03:29:00 PM -04:00

    V3: 6.8 MEDIUM
     V2: 7.2 HIGH

  • CVE-2018-20839 systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mo... read CVE-2018-20839
    Published: May 17, 2019; 12:29:00 AM -04:00

    V3: 9.8 CRITICAL
     V2: 5.0 MEDIUM

  • CVE-2019-12185 eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This w... read CVE-2019-12185
    Published: May 19, 2019; 08:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2019-7353 An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of othe... read CVE-2019-7353
    Published: May 17, 2019; 01:29:00 PM -04:00

    V3: 9.1 CRITICAL
     V2: 6.4 MEDIUM

  • CVE-2019-0921 An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.
    Published: May 16, 2019; 03:29:02 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-1858 A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could c... read CVE-2019-1858
    Published: May 15, 2019; 10:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-5597 In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last r... read CVE-2019-5597
    Published: May 15, 2019; 12:29:00 PM -04:00

    V3: 9.1 CRITICAL
     V2: 6.4 MEDIUM

  • CVE-2019-5598 In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the sour... read CVE-2019-5598
    Published: May 15, 2019; 12:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-3586 Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via... read CVE-2019-3586
    Published: May 15, 2019; 12:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.1 MEDIUM

  • CVE-2019-6578 A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All... read CVE-2019-6578
    Published: May 14, 2019; 04:29:04 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-6574 A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II co... read CVE-2019-6574
    Published: May 14, 2019; 04:29:04 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2019-1784 A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validati... read CVE-2019-1784
    Published: May 15, 2019; 04:29:01 PM -04:00

    V3: 6.7 MEDIUM
     V2: 7.2 HIGH

  • CVE-2019-1795 A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due... read CVE-2019-1795
    Published: May 15, 2019; 05:29:03 PM -04:00

    V3: 6.7 MEDIUM
     V2: 7.2 HIGH

  • CVE-2019-1790 A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to i... read CVE-2019-1790
    Published: May 15, 2019; 04:29:01 PM -04:00

    V3: 6.7 MEDIUM
     V2: 7.2 HIGH

  • CVE-2019-8936 NTP through 4.2.8p12 has a NULL Pointer Dereference.
    Published: May 15, 2019; 12:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM