National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-6032 Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
    Published: September 25, 2018; 10:29:00 AM -04:00

  • CVE-2017-14026 In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.
    Published: September 06, 2018; 03:29:00 PM -04:00

  • CVE-2017-16714 In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
    Published: September 06, 2018; 03:29:00 PM -04:00

  • CVE-2018-0642 Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Published: September 07, 2018; 10:29:00 AM -04:00

  • CVE-2018-14771 VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
    Published: September 05, 2018; 05:29:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2018-16345 An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
    Published: September 02, 2018; 02:29:01 PM -04:00

  • CVE-2018-16344 An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
    Published: September 02, 2018; 02:29:00 PM -04:00

  • CVE-2018-16375 An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
    Published: September 02, 2018; 08:29:01 PM -04:00

  • CVE-2018-16380 An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.
    Published: September 02, 2018; 08:29:01 PM -04:00

  • CVE-2018-0664 A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
    Published: September 04, 2018; 09:29:04 AM -04:00

  • CVE-2018-6923 In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary i...
    Published: September 04, 2018; 02:29:00 PM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2018-16144 The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.
    Published: September 05, 2018; 05:29:02 PM -04:00

  • CVE-2018-16145 The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a...
    Published: September 05, 2018; 05:29:02 PM -04:00

    V3: 8.1 HIGH
    V2: 9.3 HIGH

  • CVE-2018-16148 The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
    Published: September 05, 2018; 05:29:03 PM -04:00

  • CVE-2018-16147 The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
    Published: September 05, 2018; 05:29:02 PM -04:00

  • CVE-2018-16146 The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanit...
    Published: September 05, 2018; 05:29:02 PM -04:00

    V3: 7.2 HIGH
    V2: 9.0 HIGH

  • CVE-2018-16549 HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.
    Published: September 05, 2018; 05:29:03 PM -04:00

  • CVE-2018-17439 An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
    Published: September 24, 2018; 10:29:01 AM -04:00

  • CVE-2018-17437 Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
    Published: September 24, 2018; 10:29:01 AM -04:00

  • CVE-2018-17436 ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
    Published: September 24, 2018; 10:29:00 AM -04:00