National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-19996 — An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
    Published: December 26, 2019; 01:15:10 PM -05:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2019-20182 — The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_title parameter.
    Published: January 09, 2020; 05:15:13 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-20181 — The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter.
    Published: January 09, 2020; 05:15:13 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-0008 — In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ne... read CVE-2020-0008
    Published: January 08, 2020; 02:15:13 PM -05:00

    V3.1: 4.7 MEDIUM
        V2: 1.9 LOW

  • CVE-2020-0001 — In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Produc... read CVE-2020-0001
    Published: January 08, 2020; 02:15:12 PM -05:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2020-0007 — In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for e... read CVE-2020-0007
    Published: January 08, 2020; 02:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-0004 — In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed fo... read CVE-2020-0004
    Published: January 08, 2020; 02:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2014-10398 — Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1)... read CVE-2014-10398
    Published: January 03, 2020; 03:15:11 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2014-5140 — The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last na... read CVE-2014-5140
    Published: January 03, 2020; 03:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2014-4196 — Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.
    Published: January 03, 2020; 03:15:11 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-5990 — Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer.
    Published: January 06, 2020; 01:15:11 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-5988 — Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page.
    Published: January 06, 2020; 01:15:11 AM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-5987 — Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page.
    Published: January 06, 2020; 01:15:11 AM -05:00

    V3.1: 8.8 HIGH
        V2: 9.0 HIGH

  • CVE-2016-11017 — The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection... read CVE-2016-11017
    Published: January 06, 2020; 12:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2019-16154 — An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
    Published: January 07, 2020; 02:15:10 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2013-4975 — Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
    Published: December 27, 2019; 12:15:15 PM -05:00

    V3.1: 8.8 HIGH
        V2: 9.0 HIGH

  • CVE-2019-18179 — An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents,... read CVE-2019-18179
    Published: January 06, 2020; 03:15:12 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2012-2226 — Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
    Published: January 09, 2020; 04:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-6630 — An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
    Published: January 08, 2020; 09:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-6631 — An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
    Published: January 08, 2020; 09:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM