National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-0584 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win... read CVE-2019-0584
    Published: January 08, 2019; 04:29:02 PM -05:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-1000416 A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.
    Published: January 09, 2019; 06:29:02 PM -05:00

  • CVE-2018-1000413 A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages i... read CVE-2018-1000413
    Published: January 09, 2019; 06:29:02 PM -05:00

  • CVE-2018-0635 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
    Published: January 09, 2019; 06:29:00 PM -05:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2018-0636 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
    Published: January 09, 2019; 06:29:00 PM -05:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2018-0637 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
    Published: January 09, 2019; 06:29:00 PM -05:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2018-0638 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
    Published: January 09, 2019; 06:29:01 PM -05:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2018-20392 S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
    Published: December 23, 2018; 04:29:01 PM -05:00

  • CVE-2018-16082 An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
    Published: January 09, 2019; 02:29:02 PM -05:00

  • CVE-2018-16071 A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
    Published: January 09, 2019; 02:29:01 PM -05:00

  • CVE-2018-16079 A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    Published: January 09, 2019; 02:29:02 PM -05:00

  • CVE-2018-20065 Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.
    Published: January 09, 2019; 02:29:03 PM -05:00

  • CVE-2018-17470 A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: January 09, 2019; 02:29:02 PM -05:00

  • CVE-2018-0705 Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
    Published: January 09, 2019; 06:29:02 PM -05:00

  • CVE-2018-0704 Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
    Published: January 09, 2019; 06:29:02 PM -05:00

  • CVE-2018-0703 Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
    Published: January 09, 2019; 06:29:02 PM -05:00

  • CVE-2018-0702 Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
    Published: January 09, 2019; 06:29:02 PM -05:00

  • CVE-2018-20663 The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
    Published: January 03, 2019; 02:29:01 PM -05:00

  • CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
    Published: October 22, 2018; 10:29:00 PM -04:00

  • CVE-2019-5721 In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
    Published: January 08, 2019; 06:29:00 PM -05:00