National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

JSON 1.1 Vulnerability Feed Released!
JSON 1.1 Vulnerability Feed Released!
CVSS 3.1 Official Support!
CVSS Version 3.1 Official Support!
XML Vulnerability Feeds Retirement
XML Vulnerability Feeds Retirement


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2019-15258 — A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to impr... read CVE-2019-15258
    Published: October 16, 2019; 03:15:13 PM -04:00

    V3.1: 6.5 MEDIUM
         V2: 6.8 MEDIUM

  • CVE-2019-2946 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via... read CVE-2019-2946
    Published: October 16, 2019; 02:15:29 PM -04:00

    V3.1: 6.5 MEDIUM
         V2: 4.0 MEDIUM

  • CVE-2019-10449 — Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 8.8 HIGH
         V2: 4.0 MEDIUM

  • CVE-2019-2884 — Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Difficult to exploit vulnerability allows unauthenticated a... read CVE-2019-2884
    Published: October 16, 2019; 02:15:26 PM -04:00

    V3.1: 5.9 MEDIUM
         V2: 4.3 MEDIUM

  • CVE-2019-2935 — Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi... read CVE-2019-2935
    Published: October 16, 2019; 02:15:29 PM -04:00

    V3.1: 5.3 MEDIUM
         V2: 5.0 MEDIUM

  • CVE-2019-10450 — Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 3.3 LOW
         V2: 2.1 LOW

  • CVE-2019-2923 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with... read CVE-2019-2923
    Published: October 16, 2019; 02:15:28 PM -04:00

    V3.1: 5.3 MEDIUM
         V2: 5.0 MEDIUM

  • CVE-2019-10452 — Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:13 AM -04:00

    V3.1: 4.3 MEDIUM
         V2: 4.0 MEDIUM

  • CVE-2019-10453 — Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: October 16, 2019; 10:15:13 AM -04:00

    V3.1: 7.8 HIGH
         V2: 2.1 LOW

  • CVE-2019-10446 — Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 8.2 HIGH
         V2: 6.4 MEDIUM

  • CVE-2019-10445 — A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 4.3 MEDIUM
         V2: 4.0 MEDIUM

  • CVE-2019-10448 — Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 8.8 HIGH
         V2: 4.0 MEDIUM

  • CVE-2019-10444 — Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM.
    Published: October 16, 2019; 10:15:12 AM -04:00

    V3.1: 6.5 MEDIUM
         V2: 6.4 MEDIUM

  • CVE-2019-16523 — The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the pl... read CVE-2019-16523
    Published: October 16, 2019; 11:15:15 AM -04:00

    V3.1: 5.4 MEDIUM
         V2: 3.5 LOW

  • CVE-2019-2897 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p... read CVE-2019-2897
    Published: October 16, 2019; 02:15:27 PM -04:00

    V3.1: 6.4 MEDIUM
         V2: 5.5 MEDIUM

  • CVE-2019-16521 — The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected brok... read CVE-2019-16521
    Published: October 16, 2019; 11:15:15 AM -04:00

    V3.1: 6.1 MEDIUM
         V2: 4.3 MEDIUM

  • CVE-2019-16520 — The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
    Published: October 16, 2019; 10:15:13 AM -04:00

    V3.1: 5.4 MEDIUM
         V2: 3.5 LOW

  • CVE-2019-0071 — Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to... read CVE-2019-0071
    Published: October 09, 2019; 04:15:18 PM -04:00

    V3.1: 7.8 HIGH
         V2: 7.2 HIGH

  • CVE-2019-6474 — A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such l... read CVE-2019-6474
    Published: October 16, 2019; 02:15:37 PM -04:00

    V3.1: 6.5 MEDIUM
         V2: 6.1 MEDIUM

  • CVE-2019-15247 — Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied i... read CVE-2019-15247
    Published: October 16, 2019; 03:15:12 PM -04:00

    V3.1: 8.0 HIGH
         V2: 5.2 MEDIUM