National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2011-3355 — evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login cr...
    Published: November 25, 2019; 06:15:10 PM -05:00

    V3.1: 7.3 HIGH
        V2: 4.3 MEDIUM

  • CVE-2019-15638 — COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
    Published: December 04, 2019; 10:15:11 AM -05:00

    V3.1: 7.8 HIGH
        V2: 4.4 MEDIUM

  • CVE-2015-0837 — The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cach...
    Published: November 29, 2019; 05:15:11 PM -05:00

    V3.1: 5.9 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-19333 — In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, whi...
    Published: December 06, 2019; 11:15:10 AM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-19597 — D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
    Published: December 04, 2019; 11:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 8.3 HIGH

  • CVE-2019-19598 — D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the...
    Published: December 04, 2019; 11:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 8.3 HIGH

  • CVE-2013-0163 — OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
    Published: December 05, 2019; 10:15:11 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2019-17392 — Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
    Published: November 26, 2019; 01:15:15 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2013-1793 — openstack-utils openstack-db has insecure password creation
    Published: December 10, 2019; 09:15:10 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-17556 — Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running...
    Published: December 04, 2019; 12:16:43 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2012-4428 — openslp: SLPIntersectStringList()' Function has a DoS vulnerability
    Published: December 02, 2019; 01:15:09 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-1453 — A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
    Published: December 10, 2019; 05:15:16 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2013-4245 — Orca has arbitrary code execution due to insecure Python module load
    Published: December 11, 2019; 09:15:09 AM -05:00

    V3.1: 7.3 HIGH
        V2: 4.4 MEDIUM

  • CVE-2019-17554 — The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used t...
    Published: December 04, 2019; 12:16:43 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-15009 — The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
    Published: December 11, 2019; 10:15:14 AM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-19589 — The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
    Published: December 04, 2019; 11:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-19703 — In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
    Published: December 10, 2019; 03:15:17 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 5.8 MEDIUM

  • CVE-2019-19746 — make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
    Published: December 11, 2019; 10:15:11 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-1468 — A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
    Published: December 10, 2019; 05:15:16 PM -05:00

    V3.1: 8.8 HIGH
        V2: 9.3 HIGH

  • CVE-2019-4521 — Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
    Published: December 10, 2019; 11:15:13 AM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH