National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-10374 EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
    Published: April 25, 2018; 05:29:00 AM -04:00

  • CVE-2017-2899 An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code...
    Published: April 24, 2018; 03:29:02 PM -04:00

  • CVE-2017-12105 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2017-12104 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code exe...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2017-12103 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2017-12102 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2017-12101 An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2017-12100 An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for c...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2017-12099 An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can all...
    Published: April 24, 2018; 03:29:01 PM -04:00

  • CVE-2018-10321 Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
    Published: April 24, 2018; 02:29:00 AM -04:00

  • CVE-2018-10320 Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10319 Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10318 Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10313 WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2017-1786 IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2017-1764 IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
    Published: April 23, 2018; 09:29:00 AM -04:00
    CVSS Severity: V3: 7.0 HIGH; V2: 1.9 LOW

  • CVE-2017-1701 IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 13439...
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2017-1486 IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2017-1473 IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2018-10298 Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
    Published: April 22, 2018; 11:29:00 AM -04:00