National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-1665 A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected syste...
    Published: February 21, 2019; 02:29:00 PM -05:00

  • CVE-2019-1666 A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploi...
    Published: February 21, 2019; 02:29:00 PM -05:00

  • CVE-2019-1667 A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could e...
    Published: February 21, 2019; 02:29:00 PM -05:00

    V3: 3.3 LOW
    V2: 2.1 LOW

  • CVE-2018-20783 In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file....
    Published: February 21, 2019; 02:29:00 PM -05:00

  • CVE-2019-8982 com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
    Published: February 21, 2019; 09:29:00 AM -05:00

  • CVE-2019-8950 The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
    Published: February 19, 2019; 11:29:00 PM -05:00

  • CVE-2019-5778 A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileg...
    Published: February 19, 2019; 12:29:01 PM -05:00

  • CVE-2018-10612 In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, in...
    Published: January 29, 2019; 11:29:00 AM -05:00

  • CVE-2019-0257 Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, res...
    Published: February 15, 2019; 01:29:01 PM -05:00

  • CVE-2018-12547 In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly...
    Published: February 11, 2019; 10:29:00 AM -05:00

  • CVE-2018-11855 If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdra...
    Published: February 11, 2019; 10:29:00 AM -05:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-11847 Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon...
    Published: February 11, 2019; 10:29:00 AM -05:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2019-6242 ** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix...
    Published: February 08, 2019; 12:29:00 AM -05:00

  • CVE-2018-3989 An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resu...
    Published: February 05, 2019; 06:29:00 PM -05:00

  • CVE-2018-5817 A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
    Published: February 20, 2019; 01:29:00 PM -05:00

  • CVE-2018-5818 An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
    Published: February 20, 2019; 01:29:00 PM -05:00

  • CVE-2018-1944 IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external com...
    Published: February 21, 2019; 12:29:00 PM -05:00

  • CVE-2018-1950 IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the...
    Published: February 21, 2019; 12:29:00 PM -05:00

  • CVE-2018-1948 IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user o...
    Published: February 21, 2019; 12:29:00 PM -05:00

  • CVE-2018-1949 IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.
    Published: February 21, 2019; 12:29:00 PM -05:00