National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2016-8204 — A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
    Published: January 14, 2017; 02:59:00 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2014-2651 — Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface.
    Published: January 09, 2020; 08:15:10 AM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2019-6332 — A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model... read CVE-2019-6332
    Published: January 09, 2020; 02:15:10 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-2567 — Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged at... read CVE-2020-2567
    Published: January 15, 2020; 12:15:18 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 4.9 MEDIUM

  • CVE-2020-1765 — An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.... read CVE-2020-1765
    Published: January 10, 2020; 10:15:11 AM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-11993 — A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and Sim... read CVE-2019-11993
    Published: January 03, 2020; 01:15:09 PM -05:00

    V3.1: 7.5 HIGH
        V2: 9.4 HIGH

  • CVE-2020-1766 — Due to improper handling of uploaded images, it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: ((OTRS)) Comm... read CVE-2020-1766
    Published: January 10, 2020; 10:15:12 AM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-2564 — Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comprom... read CVE-2020-2564
    Published: January 15, 2020; 12:15:17 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2020-6836 — grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the form... read CVE-2020-6836
    Published: January 10, 2020; 08:15:10 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-18894 — In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary O... read CVE-2019-18894
    Published: January 13, 2020; 12:15:11 PM -05:00

    V3.1: 7.8 HIGH
        V2: 9.3 HIGH

  • CVE-2020-0639 — An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is un... read CVE-2020-0639
    Published: January 14, 2020; 06:15:32 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2014-5092 — Status2k allows Remote Command Execution in admin/options/editpl.php.
    Published: January 10, 2020; 09:15:10 AM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-14302 — On Ricoh SP C250DN 1.06 devices, a debug port can be used.
    Published: January 10, 2020; 01:15:11 PM -05:00

    V3.1: 6.8 MEDIUM
        V2: 7.2 HIGH

  • CVE-2020-5505 — Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.
    Published: January 14, 2020; 02:15:13 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2014-3753 — AgileBits 1Password through 1.0.9.340 allows security feature bypass.
    Published: January 09, 2020; 09:15:11 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-6173 — TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.
    Published: January 14, 2020; 02:15:13 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2011-2933 — An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
    Published: January 14, 2020; 04:15:15 PM -05:00

    V3.1: 7.2 HIGH
        V2: 6.5 MEDIUM

  • CVE-2016-6592 — A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the rem... read CVE-2016-6592
    Published: January 14, 2020; 04:15:16 PM -05:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM

  • CVE-2019-15961 — A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to... read CVE-2019-15961
    Published: January 15, 2020; 02:15:13 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 7.1 HIGH

  • CVE-2020-5509 — PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
    Published: January 14, 2020; 02:15:13 PM -05:00

    V3.1: 7.2 HIGH
        V2: 6.5 MEDIUM