NVD - Home

<strong>BETA JSON Vulnerability Feeds Now Available!</strong>

New Data Feeds

CPE Ranges

Multiple different visualizations displaying word, CWE, CVSS score distribution and more!

Vulnerability Visualizations

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2018-8389 — A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet... read CVE-2018-8389
Published: August 15, 2018; 01:29:08 PM -04:00

V3: 7.5 HIGH
V2: 7.6 HIGH
CVE-2018-0410 — A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. T... read CVE-2018-0410
Published: August 15, 2018; 04:29:00 PM -04:00

V3: 8.6 HIGH
V2: 7.8 HIGH
CVE-2018-0412 — A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthentic... read CVE-2018-0412
Published: August 15, 2018; 04:29:00 PM -04:00

V3: 5.3 MEDIUM
V2: 2.9 LOW
CVE-2018-15120 — libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
Published: August 24, 2018; 03:29:01 PM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-15528 — Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens... read CVE-2018-15528
Published: August 21, 2018; 12:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-1000216 — Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, de... read CVE-2018-1000216
Published: August 20, 2018; 04:29:00 PM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-15685 — GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code... read CVE-2018-15685
Published: August 23, 2018; 01:29:00 AM -04:00

V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2018-1140 — A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All version... read CVE-2018-1140
Published: August 22, 2018; 10:29:00 AM -04:00

V3: 6.5 MEDIUM
V2: 3.3 LOW
CVE-2017-14447 — An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ov... read CVE-2017-14447
Published: August 06, 2018; 01:29:01 PM -04:00

V3: 7.7 HIGH
V2: 5.5 MEDIUM
CVE-2018-1999046 — A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.
Published: August 23, 2018; 02:29:00 PM -04:00

V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-1000215 — Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in l... read CVE-2018-1000215
Published: August 20, 2018; 04:29:00 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1999044 — A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
Published: August 23, 2018; 02:29:00 PM -04:00

V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-5240 — The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are n... read CVE-2018-5240
Published: July 25, 2018; 12:29:00 PM -04:00

V3: 8.0 HIGH
V2: 5.2 MEDIUM
CVE-2018-11063 — Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a... read CVE-2018-11063
Published: August 10, 2018; 04:29:00 PM -04:00

V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11048 — Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious us... read CVE-2018-11048
Published: August 10, 2018; 04:29:00 PM -04:00

V3: 8.1 HIGH
V2: 5.5 MEDIUM
CVE-2016-8526 — Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the c... read CVE-2016-8526
Published: August 06, 2018; 04:29:00 PM -04:00

V3: 8.8 HIGH
V2: 4.0 MEDIUM
CVE-2018-10931 — It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context... read CVE-2018-10931
Published: August 09, 2018; 04:29:00 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-11454 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC... read CVE-2018-11454
Published: August 07, 2018; 11:29:00 AM -04:00

V3: 8.6 HIGH
V2: 4.4 MEDIUM
CVE-2018-11453 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC... read CVE-2018-11453
Published: August 07, 2018; 11:29:00 AM -04:00

V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2017-2654 — jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful... read CVE-2017-2654
Published: August 06, 2018; 06:29:00 PM -04:00

V3: 5.3 MEDIUM
V2: 5.0 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database