NVD - Home

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>

JSON Feed 1.0 Released

CPE Ranges

Multiple different visualizations displaying word, CWE, CVSS score distribution and more!

Vulnerability Visualizations

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2018-0378 — A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected... read CVE-2018-0378
Published: October 17, 2018; 05:49:52 PM -04:00

V3: 8.6 HIGH
V2: 7.8 HIGH
CVE-2018-7111 — A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is th... read CVE-2018-7111
Published: October 17, 2018; 09:29:00 AM -04:00

V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-6333 — The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially... read CVE-2018-6333
Published: December 31, 2018; 06:29:00 PM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-8314 — An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr... read CVE-2019-8314
Published: February 12, 2019; 10:29:00 PM -05:00

V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-8312 — An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr... read CVE-2019-8312
Published: February 12, 2019; 10:29:00 PM -05:00

V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-8319 — An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr... read CVE-2019-8319
Published: February 12, 2019; 10:29:00 PM -05:00

V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-8315 — An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr... read CVE-2019-8315
Published: February 12, 2019; 10:29:00 PM -05:00

V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-8316 — An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr... read CVE-2019-8316
Published: February 12, 2019; 10:29:00 PM -05:00

V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2018-5497 — Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Published: January 24, 2019; 03:29:00 PM -05:00

V3: 4.4 MEDIUM
V2: 2.1 LOW
CVE-2019-1000011 — API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the u... read CVE-2019-1000011
Published: February 04, 2019; 04:29:01 PM -05:00

V3: 6.5 MEDIUM
V2: 5.5 MEDIUM
CVE-2019-6496 — The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets duri... read CVE-2019-6496
Published: January 20, 2019; 03:29:00 PM -05:00

V3: 8.8 HIGH
V2: 8.3 HIGH
CVE-2018-15796 — Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits S... read CVE-2018-15796
Published: November 09, 2018; 05:29:00 PM -05:00

V3: 8.1 HIGH
V2: 5.5 MEDIUM
CVE-2019-6339 — In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code... read CVE-2019-6339
Published: January 22, 2019; 10:29:00 AM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-0015 — A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connecti... read CVE-2019-0015
Published: January 15, 2019; 04:29:01 PM -05:00

V3: 5.4 MEDIUM
V2: 5.5 MEDIUM
CVE-2019-7659 — Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/l... read CVE-2019-7659
Published: February 09, 2019; 09:29:00 AM -05:00

V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2019-3818 — The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a... read CVE-2019-3818
Published: February 05, 2019; 12:29:00 PM -05:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-1000003 — MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack... read CVE-2019-1000003
Published: February 04, 2019; 04:29:00 PM -05:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-0187 — A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential in... read CVE-2018-0187
Published: January 23, 2019; 05:29:00 PM -05:00

V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-1645 — A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms... read CVE-2019-1645
Published: January 24, 2019; 10:29:00 AM -05:00

V3: 4.3 MEDIUM
V2: 3.3 LOW
CVE-2019-1658 — A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The... read CVE-2019-1658
Published: January 24, 2019; 11:29:00 AM -05:00

V3: 7.4 HIGH
V2: 4.3 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database