National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2014-1818 GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007... read CVE-2014-1818
    Published: June 11, 2014; 12:56:18 AM -04:00

    V2: 9.3 HIGH

  • CVE-2016-0006 The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh... read CVE-2016-0006
    Published: January 13, 2016; 12:59:04 AM -05:00

  • CVE-2016-0007 The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh... read CVE-2016-0007
    Published: January 13, 2016; 12:59:05 AM -05:00

  • CVE-2015-6104 The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t... read CVE-2015-6104
    Published: November 11, 2015; 07:59:42 AM -05:00

    V2: 9.3 HIGH

  • CVE-2019-0951 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949,... read CVE-2019-0951
    Published: May 16, 2019; 03:29:04 PM -04:00

  • CVE-2019-1818 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that sho... read CVE-2019-1818
    Published: May 15, 2019; 09:29:00 PM -04:00

  • CVE-2015-6103 The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t... read CVE-2015-6103
    Published: November 11, 2015; 07:59:41 AM -05:00

    V2: 9.3 HIGH

  • CVE-2016-0015 DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file,... read CVE-2016-0015
    Published: January 13, 2016; 12:59:12 AM -05:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2019-0882 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0961.
    Published: May 16, 2019; 03:29:01 PM -04:00

  • CVE-2019-0881 An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
    Published: May 16, 2019; 03:29:01 PM -04:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2019-9618 The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
    Published: May 13, 2019; 06:29:01 PM -04:00

  • CVE-2019-0918 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0911.
    Published: May 16, 2019; 03:29:02 PM -04:00

    V3: 7.5 HIGH
    V2: 7.6 HIGH

  • CVE-2019-5932 Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
    Published: May 17, 2019; 12:29:03 PM -04:00

  • CVE-2019-5940 Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
    Published: May 17, 2019; 12:29:04 PM -04:00

  • CVE-2019-5938 Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
    Published: May 17, 2019; 12:29:04 PM -04:00

  • CVE-2019-5939 Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
    Published: May 17, 2019; 12:29:04 PM -04:00

  • CVE-2019-5937 Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
    Published: May 17, 2019; 12:29:04 PM -04:00

  • CVE-2019-5947 Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
    Published: May 17, 2019; 12:29:05 PM -04:00

  • CVE-2019-0945 A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from... read CVE-2019-0945
    Published: May 16, 2019; 03:29:03 PM -04:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2019-0946 A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from... read CVE-2019-0946
    Published: May 16, 2019; 03:29:04 PM -04:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH