National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-18887 S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
    Published: October 31, 2018; 09:29:00 PM -04:00

  • CVE-2018-18733 An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.
    Published: October 29, 2018; 08:29:08 AM -04:00

  • CVE-2018-18736 An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."
    Published: October 29, 2018; 08:29:08 AM -04:00

  • CVE-2018-19051 MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
    Published: November 06, 2018; 11:29:00 PM -05:00

  • CVE-2018-11824 A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660
    Published: October 26, 2018; 09:29:01 AM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-19060 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
    Published: November 07, 2018; 11:29:01 AM -05:00

  • CVE-2018-19059 An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
    Published: November 07, 2018; 11:29:00 AM -05:00

  • CVE-2018-19058 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
    Published: November 07, 2018; 11:29:00 AM -05:00

  • CVE-2018-19050 MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
    Published: November 06, 2018; 11:29:00 PM -05:00

  • CVE-2018-19835 Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
    Published: December 03, 2018; 02:29:00 PM -05:00

  • CVE-2015-5159 python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
    Published: October 30, 2018; 02:29:00 PM -04:00

  • CVE-2018-18897 An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
    Published: November 02, 2018; 03:29:00 AM -04:00

  • CVE-2017-18297 Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.
    Published: October 23, 2018; 09:29:01 AM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2017-18277 When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM964...
    Published: October 23, 2018; 09:29:00 AM -04:00

  • CVE-2017-18305 XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
    Published: October 23, 2018; 09:29:02 AM -04:00

  • CVE-2018-11951 Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.
    Published: October 26, 2018; 09:29:01 AM -04:00

  • CVE-2018-11854 Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660
    Published: October 26, 2018; 09:29:01 AM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-11950 Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850
    Published: October 26, 2018; 09:29:01 AM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2017-18312 While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, S...
    Published: October 23, 2018; 09:29:02 AM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-1851 IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit thi...
    Published: October 31, 2018; 09:29:00 AM -04:00