National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-1794 A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this... read CVE-2019-1794
    Published: April 17, 2019; 09:29:02 PM -04:00

  • CVE-2019-1719 A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability... read CVE-2019-1719
    Published: April 17, 2019; 09:29:01 PM -04:00

  • CVE-2019-6486 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
    Published: January 24, 2019; 12:29:00 AM -05:00

  • CVE-2019-10643 Contao 4.7 allows Use of a Key Past its Expiration Date.
    Published: April 17, 2019; 03:29:00 PM -04:00

  • CVE-2019-3462 Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
    Published: January 28, 2019; 04:29:00 PM -05:00

    V3: 8.1 HIGH
    V2: 9.3 HIGH

  • CVE-2019-1686 A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected... read CVE-2019-1686
    Published: April 17, 2019; 06:29:00 PM -04:00

  • CVE-2019-1654 A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper auth... read CVE-2019-1654
    Published: April 17, 2019; 06:29:00 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2019-1710 A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM... read CVE-2019-1710
    Published: April 17, 2019; 06:29:00 PM -04:00

  • CVE-2019-1712 A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vu... read CVE-2019-1712
    Published: April 17, 2019; 06:29:00 PM -04:00

  • CVE-2019-6579 A vulnerability has been identified in Spectrum Power™ 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability co... read CVE-2019-6579
    Published: April 17, 2019; 10:29:03 AM -04:00

  • CVE-2017-11430 OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allo... read CVE-2017-11430
    Published: April 17, 2019; 10:29:00 AM -04:00

  • CVE-2017-11429 Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the a... read CVE-2017-11429
    Published: April 17, 2019; 10:29:00 AM -04:00

  • CVE-2019-6575 A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All versions),... read CVE-2019-6575
    Published: April 17, 2019; 10:29:03 AM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2019-10880 Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authent... read CVE-2019-10880
    Published: April 12, 2019; 02:29:01 PM -04:00

  • CVE-2019-1711 A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling o... read CVE-2019-1711
    Published: April 17, 2019; 06:29:00 PM -04:00

  • CVE-2019-9497 The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password... read CVE-2019-9497
    Published: April 17, 2019; 10:29:03 AM -04:00

  • CVE-2019-9498 The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar... read CVE-2019-9498
    Published: April 17, 2019; 10:29:04 AM -04:00

  • CVE-2019-9499 The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication,... read CVE-2019-9499
    Published: April 17, 2019; 10:29:04 AM -04:00

  • CVE-2019-10947 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitra... read CVE-2019-10947
    Published: April 17, 2019; 11:29:00 AM -04:00

  • CVE-2019-10949 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted... read CVE-2019-10949
    Published: April 17, 2019; 11:29:00 AM -04:00