The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-1622 - A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper acces... read CVE-2019-1622
    Published: June 26, 2019; 11:15:09 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2019-1621 - A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permis... read CVE-2019-1621
    Published: June 26, 2019; 11:15:09 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2019-15289 - Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulne... read CVE-2019-15289
    Published: September 22, 2020; 9:15:12 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2019-1620 - A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission set... read CVE-2019-1620
    Published: June 26, 2019; 11:15:09 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2020-3559 - A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An at... read CVE-2020-3559
    Published: September 24, 2020; 2:15:21 PM -0400

    V3.1: 8.6 HIGH
    V2.0: 7.8 HIGH

  • CVE-2020-5930 - In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.
    Published: September 25, 2020; 10:15:14 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2019-6582 - A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance ... read CVE-2019-6582
    Published: June 12, 2019; 10:29:06 AM -0400

    V3.1: 7.1 HIGH
    V2.0: 5.5 MEDIUM

  • CVE-2019-6567 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLU... read CVE-2019-6567
    Published: June 12, 2019; 10:29:04 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2020-22481 - An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information.
    Published: September 30, 2020; 2:15:24 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-24562 - A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first ... read CVE-2020-24562
    Published: September 28, 2020; 8:15:12 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-26121 - An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because o... read CVE-2020-26121
    Published: September 27, 2020; 5:15:13 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-25828 - An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (w... read CVE-2020-25828
    Published: September 27, 2020; 5:15:12 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-25827 - An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site... read CVE-2020-25827
    Published: September 27, 2020; 5:15:12 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-25815 - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().
    Published: September 27, 2020; 5:15:12 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-6448 - A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
    Published: September 25, 2020; 10:15:13 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2019-11930 - An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, a... read CVE-2019-11930
    Published: December 04, 2019; 12:16:43 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2018-6449 - Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
    Published: September 25, 2020; 10:15:13 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2019-6532 - Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code exec... read CVE-2019-6532
    Published: June 07, 2019; 10:29:00 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-3417 - A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monito... read CVE-2020-3417
    Published: September 24, 2020; 2:15:18 PM -0400

    V3.1: 6.7 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2019-6740 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability... read CVE-2019-6740
    Published: June 03, 2019; 3:29:02 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM