National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2016-10968 — The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
    Published: September 16, 2019; 09:15:11 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2018-21015 — AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;...
    Published: September 16, 2019; 09:15:11 AM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2018-21016 — audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
    Published: September 16, 2019; 09:15:11 AM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2018-21017 — GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
    Published: September 16, 2019; 09:15:11 AM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-16353 — Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
    Published: September 16, 2019; 10:15:10 AM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2016-10977 — The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.
    Published: September 17, 2019; 11:15:11 AM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2016-10990 — The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
    Published: September 17, 2019; 11:15:12 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-15737 — An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
    Published: September 16, 2019; 02:15:11 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 6.4 MEDIUM

  • CVE-2016-10975 — The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.
    Published: September 17, 2019; 11:15:11 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-16264 — In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.
    Published: September 16, 2019; 09:15:11 AM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2016-10985 — The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
    Published: September 17, 2019; 11:15:12 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-11559 — A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.
    Published: September 17, 2019; 11:15:13 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2016-10989 — The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
    Published: September 17, 2019; 11:15:12 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2016-10993 — The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
    Published: September 17, 2019; 11:15:12 AM -04:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2016-10974 — The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
    Published: September 17, 2019; 11:15:11 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-16349 — Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class.
    Published: September 16, 2019; 09:15:12 AM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-13990 — initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
    Published: July 26, 2019; 03:15:11 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-15722 — An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
    Published: September 16, 2019; 01:15:13 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-9008 — An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
    Published: September 17, 2019; 10:15:10 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-11774 — Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may no...
    Published: September 12, 2019; 02:15:11 PM -04:00

    V3.1: 7.4 HIGH
        V2: 5.8 MEDIUM