National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-7953 Adobe Experience Manager version 6.4 and earlier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
    Published: July 18, 2019; 06:15:12 PM -04:00

  • CVE-2019-7941 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
    Published: July 18, 2019; 06:15:12 PM -04:00

  • CVE-2019-7850 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
    Published: July 18, 2019; 06:15:12 PM -04:00

  • CVE-2019-7848 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
    Published: July 18, 2019; 06:15:12 PM -04:00

  • CVE-2019-7955 Adobe Experience Manager version 6.4 and earlier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
    Published: July 18, 2019; 06:15:12 PM -04:00

  • CVE-2019-7956 Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
    Published: July 18, 2019; 06:15:12 PM -04:00

  • CVE-2019-12913 Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
    Published: July 17, 2019; 05:15:11 PM -04:00

  • CVE-2019-12912 Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
    Published: July 17, 2019; 05:15:11 PM -04:00

  • CVE-2019-1010069 moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit 08aef5976...
    Published: July 18, 2019; 10:15:11 AM -04:00

  • CVE-2019-1010261 Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The...
    Published: July 18, 2019; 01:15:11 PM -04:00

  • CVE-2019-1010290 Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link c...
    Published: July 16, 2019; 10:15:11 AM -04:00

  • CVE-2019-1010262 scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap. The fixed version is: after commit 0d...
    Published: July 18, 2019; 01:15:11 PM -04:00

  • CVE-2019-1010259 SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for...
    Published: July 18, 2019; 01:15:11 PM -04:00

  • CVE-2019-13959 In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.
    Published: July 18, 2019; 03:15:11 PM -04:00

  • CVE-2019-13961 A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
    Published: July 18, 2019; 04:15:12 PM -04:00

  • CVE-2019-1575 Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the us...
    Published: July 16, 2019; 10:15:12 AM -04:00

  • CVE-2019-13977 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=adm...
    Published: July 19, 2019; 03:15:11 AM -04:00

  • CVE-2019-13978 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
    Published: July 19, 2019; 03:15:11 AM -04:00

  • CVE-2019-13624 In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
    Published: July 16, 2019; 11:15:10 PM -04:00

  • CVE-2019-13969 Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
    Published: July 19, 2019; 02:15:10 AM -04:00