National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2017-7981 Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, an... read CVE-2017-7981
    Published: April 29, 2017; 12:59:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2016-4627 IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
    Published: July 21, 2016; 10:59:47 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-12815 Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current... read CVE-2018-12815
    Published: July 20, 2018; 03:29:02 PM -04:00

  • CVE-2018-2927 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows low p... read CVE-2018-2927
    Published: July 18, 2018; 09:29:01 AM -04:00

  • CVE-2017-8636 Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte... read CVE-2017-8636
    Published: August 08, 2017; 05:29:00 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2017-8634 Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine... read CVE-2017-8634
    Published: August 08, 2017; 05:29:00 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2017-8625 Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Secu... read CVE-2017-8625
    Published: August 08, 2017; 05:29:00 PM -04:00

  • CVE-2017-8536 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a... read CVE-2017-8536
    Published: May 26, 2017; 04:29:00 PM -04:00

  • CVE-2017-8535 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a... read CVE-2017-8535
    Published: May 26, 2017; 04:29:00 PM -04:00

  • CVE-2018-3053 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 16.x and 17.x. Easily exploitable vulnerability a... read CVE-2018-3053
    Published: July 18, 2018; 09:29:07 AM -04:00

  • CVE-2018-2981 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0... read CVE-2018-2981
    Published: July 18, 2018; 09:29:04 AM -04:00

  • CVE-2019-9835 The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.
    Published: March 15, 2019; 02:29:00 PM -04:00

  • CVE-2017-9344 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
    Published: June 02, 2017; 01:29:00 AM -04:00

  • CVE-2017-9343 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
    Published: June 02, 2017; 01:29:00 AM -04:00

  • CVE-2017-9346 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2017-9345 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
    Published: June 02, 2017; 01:29:00 AM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2017-9347 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
    Published: June 02, 2017; 01:29:00 AM -04:00

  • CVE-2018-2919 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacke... read CVE-2018-2919
    Published: July 18, 2018; 09:29:01 AM -04:00

  • CVE-2018-2895 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerabilit... read CVE-2018-2895
    Published: July 18, 2018; 09:29:00 AM -04:00

  • CVE-2018-2897 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitabl... read CVE-2018-2897
    Published: July 18, 2018; 09:29:00 AM -04:00