National Vulnerability Database

NVD Dashboard

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-14979 The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275,...
    Published: December 28, 2018; 04:29:00 PM -05:00

  • CVE-2019-8953 The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
    Published: February 20, 2019; 11:29:00 AM -05:00

  • CVE-2018-13404 The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from...
    Published: February 13, 2019; 01:29:00 PM -05:00

  • CVE-2019-5909 License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypas...
    Published: February 13, 2019; 01:29:00 PM -05:00

  • CVE-2019-0255 SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the...
    Published: February 15, 2019; 01:29:00 PM -05:00

  • CVE-2018-20784 In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
    Published: February 22, 2019; 10:29:00 AM -05:00

  • CVE-2019-9015 A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column i...
    Published: February 22, 2019; 11:29:00 AM -05:00

  • CVE-2018-19036 An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
    Published: December 17, 2018; 02:29:00 PM -05:00

  • CVE-2019-8985 On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET reques...
    Published: February 21, 2019; 02:29:00 PM -05:00

  • CVE-2016-1000271 Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker...
    Published: February 04, 2019; 04:29:00 PM -05:00

  • CVE-2017-18362 ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to downl...
    Published: February 05, 2019; 01:29:00 AM -05:00

  • CVE-2019-1698 A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerabi...
    Published: February 21, 2019; 04:29:00 PM -05:00

  • CVE-2019-1700 A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent at...
    Published: February 21, 2019; 04:29:00 PM -05:00

  • CVE-2019-1691 A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vu...
    Published: February 21, 2019; 03:29:00 PM -05:00

  • CVE-2019-1685 A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface o...
    Published: February 21, 2019; 03:29:00 PM -05:00

  • CVE-2019-9004 In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. Thi...
    Published: February 22, 2019; 10:29:00 AM -05:00

  • CVE-2019-9003 In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
    Published: February 22, 2019; 10:29:00 AM -05:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2018-11759 The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs sup...
    Published: October 31, 2018; 04:29:00 PM -04:00

  • CVE-2019-1681 A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulne...
    Published: February 21, 2019; 03:29:00 PM -05:00

  • CVE-2019-9016 An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(...
    Published: February 22, 2019; 11:29:00 AM -05:00