National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2019-6275 Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
    Published: March 21, 2019; 12:01:07 PM -04:00

  • CVE-2017-18254 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file.
    Published: March 26, 2018; 11:29:00 PM -04:00

  • CVE-2019-10026 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-10025 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-10024 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-10023 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-10021 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-10020 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-10022 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
    Published: March 24, 2019; 08:29:05 PM -04:00

  • CVE-2019-6491 RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
    Published: March 21, 2019; 12:29:04 PM -04:00

  • CVE-2016-4578 sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_t...
    Published: May 23, 2016; 06:59:09 AM -04:00

  • CVE-2019-7223 InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different fr...
    Published: March 21, 2019; 12:01:11 PM -04:00

  • CVE-2019-9878 There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an...
    Published: March 21, 2019; 12:01:17 PM -04:00

  • CVE-2019-9877 There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Den...
    Published: March 21, 2019; 12:01:17 PM -04:00

  • CVE-2015-3965 Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
    Published: March 23, 2019; 04:29:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-3484 Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.
    Published: March 25, 2019; 01:29:01 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2019-3483 Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
    Published: March 25, 2019; 01:29:01 PM -04:00

  • CVE-2019-3482 Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.
    Published: March 25, 2019; 01:29:00 PM -04:00

  • CVE-2019-3481 Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
    Published: March 25, 2019; 01:29:00 PM -04:00

    V3: 7.1 HIGH
    V2: 7.5 HIGH

  • CVE-2019-3479 Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.
    Published: March 25, 2019; 01:29:00 PM -04:00