National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2017-5461 Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i... read CVE-2017-5461
    Published: May 10, 2017; 09:29:05 PM -04:00

  • CVE-2018-8838 A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CE... read CVE-2018-8838
    Published: April 17, 2018; 05:29:00 PM -04:00

  • CVE-2002-0848 Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation ret... read CVE-2002-0848
    Published: August 12, 2002; 12:00:00 AM -04:00

  • CVE-2001-1056 IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause... read CVE-2001-1056
    Published: July 30, 2001; 12:00:00 AM -04:00

    V2: 7.5 HIGH

  • CVE-2018-4010 An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the sy... read CVE-2018-4010
    Published: September 07, 2018; 11:29:01 AM -04:00

    V3: 8.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-3952 An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.
    Published: September 07, 2018; 11:29:01 AM -04:00

    V3: 8.8 HIGH
    V2: 7.2 HIGH

  • CVE-2017-10936 SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
    Published: July 25, 2018; 11:29:00 AM -04:00

  • CVE-2017-5985 lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
    Published: March 14, 2017; 01:59:00 PM -04:00

    V3: 3.3 LOW
    V2: 2.1 LOW

  • CVE-2017-10937 SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
    Published: July 25, 2018; 11:29:00 AM -04:00

  • CVE-2018-6677 Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
    Published: July 23, 2018; 09:29:00 AM -04:00

  • CVE-2018-1999023 The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted... read CVE-2018-1999023
    Published: July 23, 2018; 12:29:00 PM -04:00

  • CVE-2018-1999020 Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (... read CVE-2018-1999020
    Published: July 23, 2018; 11:29:00 AM -04:00

  • CVE-2018-1999009 October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack app... read CVE-2018-1999009
    Published: July 23, 2018; 11:29:00 AM -04:00

  • CVE-2018-14573 A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences... read CVE-2018-14573
    Published: July 23, 2018; 07:29:00 PM -04:00

  • CVE-2018-14565 An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
    Published: July 23, 2018; 10:29:00 AM -04:00

  • CVE-2018-14564 An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
    Published: July 23, 2018; 10:29:00 AM -04:00

  • CVE-2018-14563 An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption.
    Published: July 23, 2018; 10:29:00 AM -04:00

  • CVE-2018-14562 An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.
    Published: July 23, 2018; 10:29:00 AM -04:00

  • CVE-2018-14549 An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.
    Published: July 23, 2018; 04:29:00 AM -04:00

  • CVE-2018-14335 An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
    Published: July 24, 2018; 09:29:00 AM -04:00