National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-15119 lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
    Published: August 16, 2019; 11:15:11 AM -04:00

  • CVE-2019-11522 OX App Suite 7.10.0 to 7.10.2 allows XSS.
    Published: August 20, 2019; 09:15:11 AM -04:00

  • CVE-2019-15109 The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
    Published: August 21, 2019; 08:15:11 AM -04:00

  • CVE-2019-15291 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.
    Published: August 20, 2019; 10:15:11 AM -04:00

  • CVE-2019-15290 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver.
    Published: August 20, 2019; 10:15:11 AM -04:00

  • CVE-2017-18577 The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.
    Published: August 22, 2019; 10:15:12 AM -04:00

  • CVE-2017-18576 The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.
    Published: August 22, 2019; 10:15:11 AM -04:00

  • CVE-2017-18581 The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
    Published: August 22, 2019; 10:15:12 AM -04:00

  • CVE-2016-10924 The ebook-download plugin before 1.2 for WordPress has directory traversal.
    Published: August 22, 2019; 10:15:11 AM -04:00

  • CVE-2016-10923 The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
    Published: August 22, 2019; 10:15:11 AM -04:00

  • CVE-2008-7321 The tubepress plugin before 1.6.5 for WordPress has XSS.
    Published: August 22, 2019; 10:15:11 AM -04:00

  • CVE-2017-18580 The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
    Published: August 22, 2019; 10:15:12 AM -04:00

  • CVE-2017-18564 The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
    Published: August 21, 2019; 02:15:11 PM -04:00

  • CVE-2017-18563 The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.
    Published: August 21, 2019; 02:15:11 PM -04:00

  • CVE-2015-9327 The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
    Published: August 21, 2019; 02:15:10 PM -04:00

  • CVE-2019-4482 IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc...
    Published: August 20, 2019; 04:15:14 PM -04:00

  • CVE-2019-4437 IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-Force ID: 162947.
    Published: August 20, 2019; 04:15:13 PM -04:00

  • CVE-2019-4338 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 16141...
    Published: August 20, 2019; 04:15:13 PM -04:00

  • CVE-2019-4420 IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
    Published: August 20, 2019; 03:15:12 PM -04:00

  • CVE-2019-4167 IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
    Published: August 20, 2019; 04:15:13 PM -04:00