National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2008-7320 ** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer beca...
    Published: November 18, 2018; 02:29:00 PM -05:00

  • CVE-2018-9539 In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: An...
    Published: November 14, 2018; 01:29:00 PM -05:00

  • CVE-2018-19353 The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
    Published: November 18, 2018; 12:29:00 PM -05:00

  • CVE-2018-19352 Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
    Published: November 18, 2018; 12:29:00 PM -05:00

  • CVE-2018-9540 In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is...
    Published: November 14, 2018; 01:29:00 PM -05:00

  • CVE-2018-19351 Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In...
    Published: November 18, 2018; 12:29:00 PM -05:00

  • CVE-2018-19349 In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
    Published: November 17, 2018; 05:29:00 PM -05:00

  • CVE-2018-19350 In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
    Published: November 17, 2018; 05:29:00 PM -05:00

  • CVE-2018-9542 In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for expl...
    Published: November 14, 2018; 01:29:01 PM -05:00

  • CVE-2018-9543 In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is...
    Published: November 14, 2018; 01:29:01 PM -05:00

  • CVE-2018-9544 In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not need...
    Published: November 14, 2018; 01:29:01 PM -05:00

  • CVE-2018-19329 GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete but...
    Published: November 17, 2018; 10:29:00 AM -05:00

  • CVE-2018-9545 In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat...
    Published: November 14, 2018; 01:29:01 PM -05:00

  • CVE-2018-19312 Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
    Published: November 16, 2018; 02:29:00 PM -05:00

  • CVE-2018-19311 Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
    Published: November 16, 2018; 02:29:00 PM -05:00

  • CVE-2018-19187 The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.
    Published: November 14, 2018; 04:29:00 AM -05:00

  • CVE-2018-19499 Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
    Published: November 23, 2018; 02:29:00 PM -05:00

  • CVE-2018-19280 Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
    Published: November 14, 2018; 03:29:01 PM -05:00

  • CVE-2018-0700 YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.
    Published: November 15, 2018; 10:29:01 AM -05:00

    CVSS Severity: V3: 7.5 HIGH; V2: 7.8 HIGH

  • CVE-2018-0697 Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Published: November 15, 2018; 10:29:01 AM -05:00