National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2019-12246 — SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.
    Published: February 19, 2020; 12:15:10 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-12437 — In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
    Published: February 19, 2020; 12:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2012-1932 — A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.
    Published: February 19, 2020; 10:15:11 AM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-8981 — A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings...
    Published: February 13, 2020; 12:15:29 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2012-0951 — A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry.
    Published: February 12, 2020; 12:15:11 PM -05:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM

  • CVE-2020-9043 — The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
    Published: February 17, 2020; 12:15:15 PM -05:00

    V3.1: 8.8 HIGH
        V2: 9.0 HIGH

  • CVE-2020-8611 — In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database...
    Published: February 14, 2020; 01:15:09 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-20474 — An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abu...
    Published: February 17, 2020; 02:15:12 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-6188 — VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated...
    Published: February 12, 2020; 03:15:14 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-11215 — In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a wr...
    Published: February 14, 2020; 01:15:09 PM -05:00

    V3.1: 8.1 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-1811 — GaussDB 200 with version of 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful expl...
    Published: February 17, 2020; 07:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-1853 — GaussDB 200 with version of 6.5.1 has a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information...
    Published: February 17, 2020; 04:15:13 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-13946 — A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PR...
    Published: February 11, 2020; 11:15:15 AM -05:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2020-8815 — Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets.
    Published: February 12, 2020; 10:15:14 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-9006 — The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows cr...
    Published: February 17, 2020; 10:15:12 AM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-6184 — Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Script...
    Published: February 12, 2020; 03:15:13 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2013-1924 — Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2
    Published: February 12, 2020; 11:15:10 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-6185 — Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Si...
    Published: February 12, 2020; 03:15:14 PM -05:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-6177 — SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of...
    Published: February 12, 2020; 03:15:13 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2013-3685 — A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root...
    Published: February 12, 2020; 11:15:10 AM -05:00

    V3.1: 7.0 HIGH
        V2: 6.9 MEDIUM