National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2019-11211 — The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code e...
    Published: September 18, 2019; 07:15:10 PM -04:00

    V3.1: 9.9 CRITICAL
        V2: 9.0 HIGH

  • CVE-2019-11778 — If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interv...
    Published: September 18, 2019; 07:15:10 PM -04:00

    V3.1: 5.4 MEDIUM
        V2: 5.5 MEDIUM

  • CVE-2019-3738 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same pre...
    Published: September 18, 2019; 07:15:11 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-3739 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA key...
    Published: September 18, 2019; 07:15:11 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-13565 — An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simpl...
    Published: July 26, 2019; 09:15:12 AM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-16398 — On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
    Published: September 19, 2019; 11:15:15 AM -04:00

    V3.1: 6.8 MEDIUM
        V2: 7.2 HIGH

  • CVE-2019-15001 — The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote at...
    Published: September 19, 2019; 11:15:15 AM -04:00

    V3.1: 7.2 HIGH
        V2: 9.0 HIGH

  • CVE-2019-15000 — The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (...
    Published: September 19, 2019; 11:15:15 AM -04:00

    V3.1: 9.8 CRITICAL
        V2: 6.8 MEDIUM

  • CVE-2019-14994 — The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, fr...
    Published: September 19, 2019; 11:15:15 AM -04:00

    V3.1: 7.5 HIGH
        V2: 4.3 MEDIUM

  • CVE-2019-15032 — Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that...
    Published: September 19, 2019; 01:15:12 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-6010 — Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image.
    Published: September 19, 2019; 10:15:10 AM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-16413 — An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
    Published: September 18, 2019; 08:15:10 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-15943 — vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a mem...
    Published: September 19, 2019; 08:15:10 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-14458 — VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
    Published: September 18, 2019; 02:15:10 PM -04:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2019-6831 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870...
    Published: September 17, 2019; 04:15:12 PM -04:00

    V3.1: 8.6 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-11662 — Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow informati...
    Published: September 18, 2019; 06:15:10 PM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-11663 — Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensiti...
    Published: September 18, 2019; 06:15:11 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-11664 — Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
    Published: September 18, 2019; 06:15:11 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-6830 — A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
    Published: September 17, 2019; 04:15:12 PM -04:00

    V3.1: 5.9 MEDIUM
        V2: 7.1 HIGH

  • CVE-2016-2510 — BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
    Published: April 07, 2016; 04:59:05 PM -04:00

    V3.1: 8.1 HIGH
        V2: 6.8 MEDIUM