National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-0378 A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected...
    Published: October 17, 2018; 05:49:52 PM -04:00

    V3: 8.6 HIGH
    V2: 7.8 HIGH

  • CVE-2018-7111 A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is th...
    Published: October 17, 2018; 09:29:00 AM -04:00

  • CVE-2018-6333 The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially...
    Published: December 31, 2018; 06:29:00 PM -05:00

  • CVE-2019-8314 An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr...
    Published: February 12, 2019; 10:29:00 PM -05:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-8312 An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr...
    Published: February 12, 2019; 10:29:00 PM -05:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-8319 An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr...
    Published: February 12, 2019; 10:29:00 PM -05:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-8315 An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr...
    Published: February 12, 2019; 10:29:00 PM -05:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-8316 An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitr...
    Published: February 12, 2019; 10:29:00 PM -05:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2018-5497 Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
    Published: January 24, 2019; 03:29:00 PM -05:00

  • CVE-2019-1000011 API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the u...
    Published: February 04, 2019; 04:29:01 PM -05:00

  • CVE-2019-6496 The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets duri...
    Published: January 20, 2019; 03:29:00 PM -05:00

    V3: 8.8 HIGH
    V2: 8.3 HIGH

  • CVE-2018-15796 Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits S...
    Published: November 09, 2018; 05:29:00 PM -05:00

  • CVE-2019-6339 In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code...
    Published: January 22, 2019; 10:29:00 AM -05:00

  • CVE-2019-0015 A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connecti...
    Published: January 15, 2019; 04:29:01 PM -05:00

  • CVE-2019-7659 Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/l...
    Published: February 09, 2019; 09:29:00 AM -05:00

  • CVE-2019-3818 The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a...
    Published: February 05, 2019; 12:29:00 PM -05:00

  • CVE-2019-1000003 MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack...
    Published: February 04, 2019; 04:29:00 PM -05:00

  • CVE-2018-0187 A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential in...
    Published: January 23, 2019; 05:29:00 PM -05:00

  • CVE-2019-1645 A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms...
    Published: January 24, 2019; 10:29:00 AM -05:00

  • CVE-2019-1658 A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The...
    Published: January 24, 2019; 11:29:00 AM -05:00