National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-1729 IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708.
    Published: April 19, 2019; 01:29:00 PM -04:00

  • CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
    Published: June 04, 2018; 02:29:00 AM -04:00

  • CVE-2019-1834 A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is con...
    Published: April 17, 2019; 10:29:05 PM -04:00

  • CVE-2019-1835 A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI com...
    Published: April 17, 2019; 10:29:05 PM -04:00

  • CVE-2018-17289 An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) with...
    Published: April 18, 2019; 02:29:00 PM -04:00

  • CVE-2018-17288 Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (...
    Published: April 18, 2019; 02:29:00 PM -04:00

  • CVE-2018-20200 CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.
    Published: April 18, 2019; 03:29:01 PM -04:00

  • CVE-2019-11331 Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
    Published: April 18, 2019; 06:29:00 PM -04:00

  • CVE-2018-11577 Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
    Published: May 30, 2018; 08:29:00 PM -04:00

  • CVE-2019-9161 WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be use...
    Published: April 18, 2019; 07:29:00 PM -04:00

  • CVE-2019-1830 A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) conditio...
    Published: April 17, 2019; 10:29:05 PM -04:00

  • CVE-2019-1837 A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to i...
    Published: April 17, 2019; 10:29:05 PM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2019-1840 A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due...
    Published: April 17, 2019; 10:29:06 PM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2019-10893 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XS...
    Published: April 18, 2019; 04:29:00 PM -04:00

  • CVE-2018-11685 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
    Published: June 04, 2018; 02:29:00 AM -04:00

  • CVE-2019-1841 A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-s...
    Published: April 17, 2019; 10:29:06 PM -04:00

  • CVE-2019-11017 On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
    Published: April 18, 2019; 02:29:00 PM -04:00

  • CVE-2019-1831 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper...
    Published: April 17, 2019; 10:29:05 PM -04:00

  • CVE-2019-11339 The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video dat...
    Published: April 18, 2019; 08:29:00 PM -04:00

  • CVE-2019-11338 libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted H...
    Published: April 18, 2019; 08:29:00 PM -04:00