National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>BETA JSON Vulnerability Feeds Now Available!</strong>
New Data Feeds
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-1999008 October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with X... read CVE-2018-1999008
    Published: July 23, 2018; 11:29:00 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1999007 A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to d... read CVE-2018-1999007
    Published: July 23, 2018; 03:29:00 PM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1999005 A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be execut... read CVE-2018-1999005
    Published: July 23, 2018; 03:29:00 PM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2017-0104 The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerabilit... read CVE-2017-0104
    Published: March 16, 2017; 08:59:02 PM -04:00

    V3: 8.1 HIGH
     V2: 9.3 HIGH

  • CVE-2017-0175 The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulner... read CVE-2017-0175
    Published: May 12, 2017; 10:29:01 AM -04:00

    V3: 4.7 MEDIUM
     V2: 2.1 LOW

  • CVE-2018-5061 Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
    Published: July 20, 2018; 03:29:04 PM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-1999014 FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as... read CVE-2018-1999014
    Published: July 23, 2018; 11:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-0351 A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validati... read CVE-2018-0351
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-1999012 FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. Th... read CVE-2018-1999012
    Published: July 23, 2018; 11:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 7.1 HIGH

  • CVE-2018-14610 An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk a... read CVE-2018-14610
    Published: July 27, 2018; 12:29:00 AM -04:00

    V3: 5.5 MEDIUM
     V2: 7.1 HIGH

  • CVE-2018-0349 A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request adm... read CVE-2018-0349
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2018-0348 A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could ex... read CVE-2018-0348
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 7.2 HIGH
     V2: 9.0 HIGH

  • CVE-2018-0347 A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient inp... read CVE-2018-0347
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-0345 A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of th... read CVE-2018-0345
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-0346 A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds check... read CVE-2018-0346
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 7.8 HIGH

  • CVE-2018-1002203 unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Sl... read CVE-2018-1002203
    Published: July 25, 2018; 01:29:01 PM -04:00

    V3: 5.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-0344 A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected syst... read CVE-2018-0344
    Published: July 18, 2018; 07:29:00 PM -04:00

    V3: 7.2 HIGH
     V2: 6.5 MEDIUM

  • CVE-2018-1999024 MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim m... read CVE-2018-1999024
    Published: July 23, 2018; 12:29:00 PM -04:00

    V3: 5.4 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-14615 An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
    Published: July 27, 2018; 12:29:00 AM -04:00

    V3: 5.5 MEDIUM
     V2: 7.1 HIGH

  • CVE-2017-2586 A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
    Published: July 27, 2018; 02:29:00 PM -04:00

    V3: 5.5 MEDIUM
     V2: 4.3 MEDIUM