National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-16206 Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Published: January 12, 2019; 07:29:00 PM -05:00

  • CVE-2018-20682 Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
    Published: January 09, 2019; 06:29:05 PM -05:00

  • CVE-2018-14662 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
    Published: January 15, 2019; 04:29:00 PM -05:00

  • CVE-2018-4404 In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
    Published: January 11, 2019; 01:29:03 PM -05:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-4330 In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
    Published: January 11, 2019; 01:29:03 PM -05:00

    V3: 7.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-16182 Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Published: January 09, 2019; 06:29:03 PM -05:00

  • CVE-2018-19717 Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h... read CVE-2018-19717
    Published: January 18, 2019; 12:29:43 PM -05:00

  • CVE-2018-19709 Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h... read CVE-2018-19709
    Published: January 18, 2019; 12:29:39 PM -05:00

  • CVE-2018-19722 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
    Published: January 18, 2019; 12:29:45 PM -05:00

  • CVE-2018-16202 Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
    Published: January 09, 2019; 06:29:04 PM -05:00

  • CVE-2019-6131 svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
    Published: January 11, 2019; 12:29:01 AM -05:00

  • CVE-2018-18098 Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.
    Published: January 10, 2019; 03:29:00 PM -05:00

  • CVE-2019-6502 sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
    Published: January 22, 2019; 03:29:00 AM -05:00

  • CVE-2018-18820 A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of s... read CVE-2018-18820
    Published: November 05, 2018; 02:29:00 PM -05:00

  • CVE-2018-14661 It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot... read CVE-2018-14661
    Published: October 31, 2018; 04:29:00 PM -04:00

  • CVE-2018-17095 An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
    Published: September 16, 2018; 05:29:00 PM -04:00

  • CVE-2019-6136 An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.
    Published: January 11, 2019; 12:29:00 PM -05:00

  • CVE-2018-20005 An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.
    Published: December 10, 2018; 01:29:00 AM -05:00

  • CVE-2018-18467 An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent.
    Published: October 23, 2018; 05:30:54 PM -04:00

  • CVE-2018-19716 Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h... read CVE-2018-19716
    Published: January 18, 2019; 12:29:43 PM -05:00