The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2019-11707 - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox E... read CVE-2019-11707
Published: July 23, 2019; 10:15:15 AM -0400 -
CVE-2019-1132 - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Published: July 15, 2019; 3:15:21 PM -0400 -
CVE-2019-1130 - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
Published: July 15, 2019; 3:15:21 PM -0400 -
CVE-2019-1129 - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
Published: July 15, 2019; 3:15:20 PM -0400 -
CVE-2019-0880 - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
Published: July 15, 2019; 3:15:15 PM -0400V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
-
CVE-2019-1064 - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.
Published: June 12, 2019; 10:29:04 AM -0400 -
CVE-2019-0903 - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Published: May 16, 2019; 3:29:02 PM -0400 -
CVE-2019-0863 - An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
Published: May 16, 2019; 3:29:00 PM -0400 -
CVE-2015-2419 - JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
Published: July 14, 2015; 5:59:33 PM -0400 -
CVE-2012-0507 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availabili... read CVE-2012-0507
Published: June 07, 2012; 6:55:17 PM -0400V2.0: 10.0 HIGH
-
CVE-2025-24813 - Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: fro... read CVE-2025-24813
Published: March 10, 2025; 1:15:35 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-21333 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Published: January 14, 2025; 1:15:58 PM -0500V3.1: 7.8 HIGH
-
CVE-2024-20439 - A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credent... read CVE-2024-20439
Published: September 04, 2024; 1:15:13 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2023-20198 - Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that... read CVE-2023-20198
Published: October 16, 2023; 12:15:10 PM -0400V3.1: 10.0 CRITICAL
-
CVE-2022-41082 - Microsoft Exchange Server Remote Code Execution Vulnerability
Published: October 02, 2022; 9:15:08 PM -0400V3.1: 8.0 HIGH
-
CVE-2021-44228 - Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An a... read CVE-2021-44228
Published: December 10, 2021; 5:15:09 AM -0500V3.1: 10.0 CRITICAL
V2.0: 9.3 HIGH
-
CVE-2021-30900 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.
Published: August 24, 2021; 3:15:18 PM -0400 -
CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability
Published: July 14, 2021; 2:15:09 PM -0400V2.0: 7.2 HIGH
-
CVE-2019-1253 - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privi... read CVE-2019-1253
Published: September 11, 2019; 6:15:16 PM -0400 -
CVE-2019-1215 - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
Published: September 11, 2019; 6:15:14 PM -0400