National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-19648 — In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or... read CVE-2019-19648
    Published: December 08, 2019; 08:15:10 PM -05:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2015-1855 — verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multi... read CVE-2015-1855
    Published: November 29, 2019; 04:15:10 PM -05:00

    V3.1: 5.9 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2013-4184 — Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
    Published: December 10, 2019; 10:15:11 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 3.6 LOW

  • CVE-2012-1577 — lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
    Published: December 10, 2019; 02:15:14 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-18308 — A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file... read CVE-2019-18308
    Published: December 12, 2019; 02:15:17 PM -05:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2019-18309 — A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file... read CVE-2019-18309
    Published: December 12, 2019; 02:15:17 PM -05:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2019-18310 — A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This... read CVE-2019-18310
    Published: December 12, 2019; 02:15:17 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-10013 — The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake... read CVE-2019-10013
    Published: December 03, 2019; 03:15:10 PM -05:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2019-18311 — A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This... read CVE-2019-18311
    Published: December 12, 2019; 02:15:17 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-18312 — A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access... read CVE-2019-18312
    Published: December 12, 2019; 02:15:17 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-5092 — An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be w... read CVE-2019-5092
    Published: December 11, 2019; 07:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-14890 — A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Towe... read CVE-2019-14890
    Published: November 26, 2019; 02:15:11 AM -05:00

    V3.1: 8.4 HIGH
        V2: 2.1 LOW

  • CVE-2019-10618 — Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390
    Published: December 12, 2019; 04:15:12 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2019-19463 — The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.
    Published: November 29, 2019; 09:15:10 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-5093 — An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can se... read CVE-2019-5093
    Published: December 11, 2019; 07:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-5154 — An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code ex... read CVE-2019-5154
    Published: December 11, 2019; 07:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2015-1853 — chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in c... read CVE-2015-1853
    Published: December 09, 2019; 02:15:14 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2016-4980 — A password generation weakness exists in xquest through 2016-06-13.
    Published: November 27, 2019; 11:15:11 AM -05:00

    V3.1: 2.5 LOW
        V2: 1.9 LOW

  • CVE-2019-19707 — On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
    Published: December 10, 2019; 09:15:14 PM -05:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2019-18333 — A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please no... read CVE-2019-18333
    Published: December 12, 2019; 02:15:19 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM