National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-0643 — An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure...
    Published: January 14, 2020; 06:15:32 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2014-9211 — ClickDesk version 4.3 and below has persistent cross site scripting
    Published: January 14, 2020; 09:15:11 AM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-2682 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attack...
    Published: January 15, 2020; 12:15:25 PM -05:00

    V3.1: 8.2 HIGH
        V2: 4.6 MEDIUM

  • CVE-2020-2681 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacke...
    Published: January 15, 2020; 12:15:25 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-2678 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attac...
    Published: January 15, 2020; 12:15:25 PM -05:00

    V3.1: 6.4 MEDIUM
        V2: 3.3 LOW

  • CVE-2020-2683 — Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows lo...
    Published: January 15, 2020; 12:15:25 PM -05:00

    V3.1: 5.4 MEDIUM
        V2: 5.5 MEDIUM

  • CVE-2020-2684 — Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows lo...
    Published: January 15, 2020; 12:15:25 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-2685 — Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows un...
    Published: January 15, 2020; 12:15:26 PM -05:00

    V3.1: 5.4 MEDIUM
        V2: 5.8 MEDIUM

  • CVE-2020-0650 — A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653.
    Published: January 14, 2020; 06:15:33 PM -05:00

    V3.1: 7.8 HIGH
        V2: 9.3 HIGH

  • CVE-2020-0651 — A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.
    Published: January 14, 2020; 06:15:33 PM -05:00

    V3.1: 7.8 HIGH
        V2: 9.3 HIGH

  • CVE-2019-17573 — By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into...
    Published: January 16, 2020; 01:15:11 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-19858 — An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
    Published: January 15, 2020; 06:15:11 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-19856 — An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
    Published: January 15, 2020; 06:15:11 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-19855 — An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
    Published: January 15, 2020; 06:15:11 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-19854 — An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction wit...
    Published: January 15, 2020; 06:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-2710 — Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network acc...
    Published: January 15, 2020; 12:15:27 PM -05:00

    V3.1: 5.4 MEDIUM
        V2: 5.5 MEDIUM

  • CVE-2020-2709 — Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise O...
    Published: January 15, 2020; 12:15:27 PM -05:00

    V3.1: 4.7 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-2705 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacke...
    Published: January 15, 2020; 12:15:27 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-2699 — Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows lo...
    Published: January 15, 2020; 12:15:26 PM -05:00

    V3.1: 7.1 HIGH
        V2: 5.5 MEDIUM

  • CVE-2020-2697 — Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitali...
    Published: January 15, 2020; 12:15:26 PM -05:00

    V3.1: 4.9 MEDIUM
        V2: 3.2 LOW