National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2017-8530 Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsof...
    Published: June 14, 2017; 09:29:04 PM -04:00

  • CVE-2017-7948 Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.
    Published: April 19, 2017; 10:59:00 AM -04:00

  • CVE-2018-1000001 In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
    Published: January 31, 2018; 09:29:00 AM -05:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2017-8570 Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
    Published: July 11, 2017; 05:29:01 PM -04:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2017-9119 The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data struc...
    Published: May 21, 2017; 03:29:00 PM -04:00

  • CVE-2017-9815 In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
    Published: June 22, 2017; 11:29:00 AM -04:00

  • CVE-2017-8460 Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclos...
    Published: June 14, 2017; 09:29:02 PM -04:00

  • CVE-2017-8524 Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code...
    Published: June 14, 2017; 09:29:04 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2017-8532 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Unisc...
    Published: June 14, 2017; 09:29:04 PM -04:00

  • CVE-2017-8461 Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Rem...
    Published: June 15, 2017; 04:29:00 PM -04:00

  • CVE-2017-8462 The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information...
    Published: June 14, 2017; 09:29:02 PM -04:00

  • CVE-2017-7981 Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, an...
    Published: April 29, 2017; 12:59:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2016-4627 IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
    Published: July 21, 2016; 10:59:47 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-12815 Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current...
    Published: July 20, 2018; 03:29:02 PM -04:00

  • CVE-2018-2927 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows low p...
    Published: July 18, 2018; 09:29:01 AM -04:00

  • CVE-2018-2905 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated a...
    Published: July 18, 2018; 09:29:01 AM -04:00

  • CVE-2018-2923 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged a...
    Published: July 18, 2018; 09:29:01 AM -04:00

    V3: 2.3 LOW
    V2: 2.1 LOW

  • CVE-2017-8636 Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte...
    Published: August 08, 2017; 05:29:00 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2017-8634 Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine...
    Published: August 08, 2017; 05:29:00 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2017-8625 Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Secu...
    Published: August 08, 2017; 05:29:00 PM -04:00