National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-1858 A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could c... read CVE-2019-1858
    Published: May 15, 2019; 10:29:00 PM -04:00

  • CVE-2019-1795 A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due... read CVE-2019-1795
    Published: May 15, 2019; 05:29:03 PM -04:00

  • CVE-2019-12163 GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
    Published: May 17, 2019; 05:29:00 PM -04:00

  • CVE-2019-12208 njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
    Published: May 20, 2019; 10:29:00 AM -04:00

  • CVE-2019-12207 njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
    Published: May 20, 2019; 10:29:00 AM -04:00

  • CVE-2019-12206 njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
    Published: May 20, 2019; 10:29:00 AM -04:00

  • CVE-2019-0727 An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the... read CVE-2019-0727
    Published: May 16, 2019; 03:29:00 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2019-12173 MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
    Published: May 17, 2019; 08:29:00 PM -04:00

  • CVE-2019-1825 A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist bec... read CVE-2019-1825
    Published: May 15, 2019; 09:29:00 PM -04:00

  • CVE-2019-1824 A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist bec... read CVE-2019-1824
    Published: May 15, 2019; 09:29:00 PM -04:00

  • CVE-2019-1822 A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying o... read CVE-2019-1822
    Published: May 15, 2019; 09:29:00 PM -04:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2019-0132 Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access.
    Published: May 17, 2019; 12:29:01 PM -04:00

  • CVE-2014-1817 usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Of... read CVE-2014-1817
    Published: June 11, 2014; 12:56:18 AM -04:00

    V2: 9.3 HIGH

  • CVE-2019-0138 Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
    Published: May 17, 2019; 12:29:02 PM -04:00

  • CVE-2019-12184 There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-1213... read CVE-2019-12184
    Published: May 19, 2019; 03:29:00 PM -04:00

  • CVE-2019-11057 SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
    Published: May 17, 2019; 01:29:00 PM -04:00

  • CVE-2019-5883 An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which t... read CVE-2019-5883
    Published: May 17, 2019; 12:29:03 PM -04:00

  • CVE-2018-20500 An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was... read CVE-2018-20500
    Published: May 17, 2019; 12:29:00 PM -04:00

  • CVE-2018-19585 GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
    Published: May 17, 2019; 12:29:00 PM -04:00

  • CVE-2019-5955 CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks.
    Published: May 17, 2019; 12:29:05 PM -04:00