National Vulnerability Database

NVD Dashboard

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-12875 Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
    Published: June 18, 2019; 03:15:11 PM -04:00

  • CVE-2019-12436 Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
    Published: June 19, 2019; 08:15:10 AM -04:00

  • CVE-2019-0316 SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from t...
    Published: June 14, 2019; 03:29:00 PM -04:00

  • CVE-2019-10085 In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.
    Published: June 18, 2019; 08:15:12 PM -04:00

  • CVE-2019-3954 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
    Published: June 18, 2019; 08:15:13 PM -04:00

  • CVE-2019-3953 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
    Published: June 18, 2019; 07:15:10 PM -04:00

  • CVE-2018-18863 NGA ResourceLink 20.0.2.1 allows local file inclusion.
    Published: June 19, 2019; 12:15:10 PM -04:00

  • CVE-2019-10962 BD Alaris Gateway versions, 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation ter...
    Published: June 13, 2019; 05:29:15 PM -04:00

  • CVE-2019-7579 An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to iden...
    Published: June 17, 2019; 03:15:11 PM -04:00

  • CVE-2019-4303 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
    Published: June 19, 2019; 10:15:10 AM -04:00

  • CVE-2019-4364 IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.
    Published: June 19, 2019; 10:15:11 AM -04:00

    V3: 8.0 HIGH
    V2: 8.5 HIGH

  • CVE-2019-12828 An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution b...
    Published: June 14, 2019; 04:29:00 PM -04:00

  • CVE-2015-2125 Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
    Published: June 07, 2015; 02:59:06 PM -04:00

  • CVE-2019-12592 A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
    Published: June 18, 2019; 05:15:10 PM -04:00

  • CVE-2019-6114 An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.
    Published: June 19, 2019; 12:15:11 PM -04:00

  • CVE-2019-11649 Cross-site scripting in Micro Focus Fortify software security center server, version 18.1, 18.2. The vulnerability may allow remote code execution.
    Published: June 19, 2019; 01:15:11 PM -04:00

  • CVE-2019-9842 madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without valida...
    Published: June 14, 2019; 04:29:00 PM -04:00

  • CVE-2018-18958 OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
    Published: June 17, 2019; 05:15:09 PM -04:00

  • CVE-2019-12549 WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
    Published: June 17, 2019; 01:15:11 PM -04:00

  • CVE-2019-4385 IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
    Published: June 19, 2019; 10:15:11 AM -04:00