National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2019-1311 — A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 7.8 HIGH
        V2: 9.3 HIGH

  • CVE-2019-1320 — An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.
    Published: October 10, 2019; 10:15:16 AM -04:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM

  • CVE-2019-17429 — Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
    Published: October 10, 2019; 08:10:23 AM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-1070 — A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-0608 — A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.
    Published: October 10, 2019; 10:15:14 AM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-1357 — A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.
    Published: October 10, 2019; 10:15:17 AM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-1315 — An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2019-1316 — An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2019-1318 — A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 5.9 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-1060 — A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
    Published: October 10, 2019; 10:15:14 AM -04:00

    V3.1: 8.8 HIGH
        V2: 9.3 HIGH

  • CVE-2019-17431 — An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.
    Published: October 10, 2019; 08:15:09 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-17128 — Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the...
    Published: October 09, 2019; 12:15:15 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-1319 — An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2019-1331 — A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
    Published: October 10, 2019; 10:15:16 AM -04:00

    V3.1: 8.8 HIGH
        V2: 9.3 HIGH

  • CVE-2019-1238 — A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 6.4 MEDIUM
        V2: 7.1 HIGH

  • CVE-2019-1239 — A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.
    Published: October 10, 2019; 10:15:15 AM -04:00

    V3.1: 7.5 HIGH
        V2: 7.6 HIGH

  • CVE-2019-12707 — A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected soft...
    Published: October 02, 2019; 03:15:14 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-1333 — A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
    Published: October 10, 2019; 10:15:16 AM -04:00

    V3.1: 8.8 HIGH
        V2: 9.3 HIGH

  • CVE-2019-17452 — Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.
    Published: October 10, 2019; 01:15:17 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-17070 — The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer.
    Published: October 10, 2019; 08:10:19 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM