National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2010-5245 Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: som... read CVE-2010-5245
    Published: September 07, 2012; 06:32:21 AM -04:00

  • CVE-2018-15861 Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom f... read CVE-2018-15861
    Published: August 25, 2018; 05:29:02 PM -04:00

  • CVE-2018-15862 Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
    Published: August 25, 2018; 05:29:02 PM -04:00

  • CVE-2018-15863 Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask e... read CVE-2018-15863
    Published: August 25, 2018; 05:29:02 PM -04:00

  • CVE-2018-15864 Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt ca... read CVE-2018-15864
    Published: August 25, 2018; 05:29:02 PM -04:00

  • CVE-2018-15858 Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keym... read CVE-2018-15858
    Published: August 25, 2018; 05:29:02 PM -04:00

  • CVE-2018-15859 Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, becaus... read CVE-2018-15859
    Published: August 25, 2018; 05:29:02 PM -04:00

  • CVE-2018-3184 Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTT... read CVE-2018-3184
    Published: October 16, 2018; 09:31:20 PM -04:00

    V3: 2.4 LOW
    V2: 3.5 LOW

  • CVE-2018-3208 Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and Security). The supported version that is affected is 11.1.2.4.345. Easily exploitable vulnerability allows low privileged attacker with... read CVE-2018-3208
    Published: October 16, 2018; 09:31:22 PM -04:00

  • CVE-2018-3204 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated... read CVE-2018-3204
    Published: October 16, 2018; 09:31:22 PM -04:00

  • CVE-2018-3181 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low pri... read CVE-2018-3181
    Published: October 16, 2018; 09:31:20 PM -04:00

  • CVE-2018-3196 Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dashboard). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vuln... read CVE-2018-3196
    Published: October 16, 2018; 09:31:21 PM -04:00

  • CVE-2018-3188 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows... read CVE-2018-3188
    Published: October 16, 2018; 09:31:21 PM -04:00

  • CVE-2014-0085 JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the so... read CVE-2014-0085
    Published: April 17, 2014; 10:55:06 AM -04:00

    V2: 2.1 LOW

  • CVE-2017-8316 IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
    Published: August 03, 2018; 11:29:00 AM -04:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2018-3246 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker wit... read CVE-2018-3246
    Published: October 16, 2018; 09:31:26 PM -04:00

  • CVE-2018-3245 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated a... read CVE-2018-3245
    Published: October 16, 2018; 09:31:26 PM -04:00

  • CVE-2018-3201 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network a... read CVE-2018-3201
    Published: October 16, 2018; 09:31:22 PM -04:00

  • CVE-2018-3197 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network a... read CVE-2018-3197
    Published: October 16, 2018; 09:31:22 PM -04:00

  • CVE-2018-3191 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated a... read CVE-2018-3191
    Published: October 16, 2018; 09:31:21 PM -04:00