National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>BETA JSON Vulnerability Feeds Now Available!</strong>
New Data Feeds
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-10598 CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain re... read CVE-2018-10598
    Published: August 13, 2018; 05:47:58 PM -04:00

    V3: 8.1 HIGH
     V2: 5.8 MEDIUM

  • CVE-2018-15534 Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
    Published: August 21, 2018; 12:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 5.0 MEDIUM

  • CVE-2018-15533 A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
    Published: August 21, 2018; 12:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-11561 An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets.
    Published: August 08, 2018; 01:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-10921 Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls.
    Published: August 02, 2018; 02:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-12448 Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
    Published: August 02, 2018; 09:29:00 AM -04:00

    V3: 5.3 MEDIUM
     V2: 5.0 MEDIUM

  • CVE-2018-8378 An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This a... read CVE-2018-8378
    Published: August 15, 2018; 01:29:07 PM -04:00

    V3: 5.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-15353 A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
    Published: August 17, 2018; 10:29:00 AM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2018-15351 Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
    Published: August 17, 2018; 10:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 7.1 HIGH

  • CVE-2018-11687 An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as e... read CVE-2018-11687
    Published: August 15, 2018; 01:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2016-9598 libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2... read CVE-2016-9598
    Published: August 16, 2018; 04:29:00 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2016-9596 libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix fo... read CVE-2016-9596
    Published: August 16, 2018; 04:29:00 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-10140 The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and P... read CVE-2018-10140
    Published: August 16, 2018; 02:29:00 PM -04:00

    V3: 4.3 MEDIUM
     V2: 4.0 MEDIUM

  • CVE-2018-10139 The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affect... read CVE-2018-10139
    Published: August 16, 2018; 02:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-0428 A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerabili... read CVE-2018-0428
    Published: August 15, 2018; 04:29:01 PM -04:00

    V3: 6.7 MEDIUM
     V2: 7.2 HIGH

  • CVE-2018-8396 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2... read CVE-2018-8396
    Published: August 15, 2018; 01:29:08 PM -04:00

    V3: 4.7 MEDIUM
     V2: 1.9 LOW

  • CVE-2018-0415 A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticat... read CVE-2018-0415
    Published: August 15, 2018; 04:29:00 PM -04:00

    V3: 6.8 MEDIUM
     V2: 5.5 MEDIUM

  • CVE-2018-0427 A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-suppli... read CVE-2018-0427
    Published: August 15, 2018; 04:29:01 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-0419 A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper... read CVE-2018-0419
    Published: August 15, 2018; 04:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 4.3 MEDIUM

  • CVE-2018-0418 A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device... read CVE-2018-0418
    Published: August 15, 2018; 04:29:01 PM -04:00

    V3: 8.6 HIGH
     V2: 7.8 HIGH