National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-12964 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
    Published: June 25, 2019; 09:15:09 AM -04:00

  • CVE-2019-12962 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
    Published: June 25, 2019; 09:15:09 AM -04:00

  • CVE-2015-3904 Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) e... read CVE-2015-3904
    Published: May 29, 2015; 10:59:00 AM -04:00

  • CVE-2019-12963 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
    Published: June 25, 2019; 09:15:09 AM -04:00

  • CVE-2019-12960 LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
    Published: June 25, 2019; 09:15:09 AM -04:00

  • CVE-2015-5460 Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification.
    Published: July 08, 2015; 12:59:03 PM -04:00

  • CVE-2019-12961 LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
    Published: June 25, 2019; 09:15:09 AM -04:00

  • CVE-2018-20843 In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
    Published: June 24, 2019; 01:15:09 PM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2018-16118 A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header.
    Published: June 20, 2019; 01:15:10 PM -04:00

    V3: 8.1 HIGH
    V2: 9.3 HIGH

  • CVE-2019-1899 A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorizatio... read CVE-2019-1899
    Published: June 19, 2019; 11:15:12 PM -04:00

  • CVE-2019-10271 An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the... read CVE-2019-10271
    Published: June 24, 2019; 03:15:10 PM -04:00

  • CVE-2019-1898 A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of a... read CVE-2019-1898
    Published: June 19, 2019; 11:15:12 PM -04:00

  • CVE-2019-1897 A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability i... read CVE-2019-1897
    Published: June 19, 2019; 11:15:12 PM -04:00

  • CVE-2016-2203 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
    Published: April 22, 2016; 02:59:05 PM -04:00

    V3: 7.8 HIGH
    V2: 2.1 LOW

  • CVE-2018-15892 FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
    Published: June 20, 2019; 01:15:09 PM -04:00

  • CVE-2019-3737 Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
    Published: June 19, 2019; 07:15:10 PM -04:00

  • CVE-2019-1624 A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input valida... read CVE-2019-1624
    Published: June 19, 2019; 11:15:11 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2017-15694 When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation... read CVE-2017-15694
    Published: June 21, 2019; 12:15:09 PM -04:00

  • CVE-2018-16117 A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
    Published: June 20, 2019; 01:15:10 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-11648 An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.
    Published: June 24, 2019; 12:15:14 PM -04:00