National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-12298 Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file.
    Published: May 23, 2019; 10:29:07 AM -04:00

  • CVE-2017-11738 In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
    Published: May 23, 2019; 12:29:08 PM -04:00

  • CVE-2017-11740 In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script... read CVE-2017-11740
    Published: May 23, 2019; 12:29:08 PM -04:00

  • CVE-2017-11739 In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this wi... read CVE-2017-11739
    Published: May 23, 2019; 12:29:08 PM -04:00

  • CVE-2019-7112 Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code ex... read CVE-2019-7112
    Published: May 23, 2019; 01:29:00 PM -04:00

  • CVE-2017-17060 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
    Published: May 23, 2019; 11:29:00 AM -04:00

  • CVE-2017-15029 Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
    Published: May 23, 2019; 11:29:00 AM -04:00

  • CVE-2018-7803 A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for applica... read CVE-2018-7803
    Published: May 22, 2019; 05:29:00 PM -04:00

  • CVE-2018-7853 A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
    Published: May 22, 2019; 05:29:00 PM -04:00

  • CVE-2019-6821 CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon P... read CVE-2019-6821
    Published: May 22, 2019; 04:29:02 PM -04:00

  • CVE-2018-7844 A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modb... read CVE-2018-7844
    Published: May 22, 2019; 05:29:00 PM -04:00

  • CVE-2019-7088 Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code ex... read CVE-2019-7088
    Published: May 23, 2019; 01:29:00 PM -04:00

  • CVE-2019-6513 An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
    Published: May 21, 2019; 06:29:19 PM -04:00

  • CVE-2019-7113 Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code exec... read CVE-2019-7113
    Published: May 23, 2019; 01:29:00 PM -04:00

  • CVE-2019-7125 Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code exec... read CVE-2019-7125
    Published: May 23, 2019; 01:29:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.3 HIGH

  • CVE-2017-5211 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
    Published: May 23, 2019; 11:29:00 AM -04:00

  • CVE-2017-13668 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
    Published: May 23, 2019; 12:29:08 PM -04:00

  • CVE-2017-15030 Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
    Published: May 23, 2019; 11:29:00 AM -04:00

  • CVE-2017-17061 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
    Published: May 23, 2019; 11:29:00 AM -04:00

  • CVE-2017-5210 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
    Published: May 23, 2019; 11:29:00 AM -04:00