NVD - Home

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>

JSON Feed 1.0 Released

CPE Ranges

Multiple different visualizations displaying word, CWE, CVSS score distribution and more!

Vulnerability Visualizations

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2018-18887 — S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
Published: October 31, 2018; 09:29:00 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18733 — An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.
Published: October 29, 2018; 08:29:08 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-18736 — An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."
Published: October 29, 2018; 08:29:08 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-19051 — MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
Published: November 06, 2018; 11:29:00 PM -05:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-11824 — A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660
Published: October 26, 2018; 09:29:01 AM -04:00

V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-19060 — An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
Published: November 07, 2018; 11:29:01 AM -05:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19059 — An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
Published: November 07, 2018; 11:29:00 AM -05:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19058 — An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
Published: November 07, 2018; 11:29:00 AM -05:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19050 — MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
Published: November 06, 2018; 11:29:00 PM -05:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19835 — Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
Published: December 03, 2018; 02:29:00 PM -05:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-5159 — python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
Published: October 30, 2018; 02:29:00 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-18897 — An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
Published: November 02, 2018; 03:29:00 AM -04:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-18297 — Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.
Published: October 23, 2018; 09:29:01 AM -04:00

V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-18277 — When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM964... read CVE-2017-18277
Published: October 23, 2018; 09:29:00 AM -04:00

V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-18305 — XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
Published: October 23, 2018; 09:29:02 AM -04:00

V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2018-11951 — Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.
Published: October 26, 2018; 09:29:01 AM -04:00

V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-11854 — Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660
Published: October 26, 2018; 09:29:01 AM -04:00

V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11950 — Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850
Published: October 26, 2018; 09:29:01 AM -04:00

V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-18312 — While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, S... read CVE-2017-18312
Published: October 23, 2018; 09:29:02 AM -04:00

V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-1851 — IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit thi... read CVE-2018-1851
Published: October 31, 2018; 09:29:00 AM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database